Lucene search

[email protected]CVE-2008-0371

HistoryJan 22, 2008 - 8:00 p.m.

CVE-2008-0371

2008-01-2220:00:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

alitalk 1.9.1.1

remote authenticated users

arbitrary commands

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.6%

JSON

Multiple SQL injection vulnerabilities in aliTalk 1.9.1.1, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via (1) the mohit parameter to (a) inc/receivertwo.php; and allow remote attackers to execute arbitrary SQL commands via (2) the id parameter to (b) inc/usercp.php, related to functionz/usercp.php; or (3) the username parameter to © admin/index.php, related to functionz/first_process.php, or (d) index.php. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

alilgalitalkMatch1.9.1.1

CPENameOperatorVersion
alilg:alitalkalilg alitalkeq1.9.1.1

CPE	Name	Operator	Version
alilg:alitalk	alilg alitalk	eq	1.9.1.1

References

secunia.com/advisories/28515

www.securityfocus.com/bid/27315

exchange.xforce.ibmcloud.com/vulnerabilities/39733

exchange.xforce.ibmcloud.com/vulnerabilities/39735

exchange.xforce.ibmcloud.com/vulnerabilities/39736

exchange.xforce.ibmcloud.com/vulnerabilities/39745

www.exploit-db.com/exploits/4922

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.2 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.6%

JSON

Related for CVE-2008-0371

prion1 cvelist1 nvd1