Lucene search

[email protected]CVE-2008-0280

HistoryJan 15, 2008 - 9:00 p.m.

CVE-2008-0280

2008-01-1521:00:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-0280

sql injection

mtcms 2.0

remote attackers

nvd

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

46.7%

JSON

SQL injection vulnerability in index.php in MTCMS 2.0 and possibly earlier versions allows remote attackers to execute arbitrary SQL commands via the (1) a or (2) cid parameter.

CPENameOperatorVersion
mtcms:mtcmsmtcmseq2.0

CPE	Name	Operator	Version
mtcms:mtcms	mtcms	eq	2.0

References

secunia.com/advisories/28428

securityreason.com/securityalert/3544

www.securityfocus.com/archive/1/486090/100/0/threaded

www.securityfocus.com/bid/27224

exchange.xforce.ibmcloud.com/vulnerabilities/39597

www.exploit-db.com/exploits/4882

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

46.7%

JSON

Related for CVE-2008-0280

cvelist1 prion1