Lucene search

[email protected]CVE-2008-0429

HistoryJan 23, 2008 - 10:00 p.m.

CVE-2008-0429

2008-01-2322:00:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-0429

sql injection

alstrasoft forum

pay per post exchange 2.0

security vulnerability

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.8%

JSON

SQL injection vulnerability in index.php in AlstraSoft Forum Pay Per Post Exchange 2.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter in a forum_catview action.

Affected configurations

NVD

Node

alstrasoftforum_pay_per_post_exchangeMatch2.0

CPENameOperatorVersion
alstrasoft:forum_pay_per_post_exchangealstrasoft forum pay per post exchangeeq2.0

CPE	Name	Operator	Version
alstrasoft:forum_pay_per_post_exchange	alstrasoft forum pay per post exchange	eq	2.0

References

secunia.com/advisories/28581

www.securityfocus.com/bid/27381

www.vupen.com/english/advisories/2008/0231

exchange.xforce.ibmcloud.com/vulnerabilities/39820

www.exploit-db.com/exploits/4956

www.exploit-db.com/exploits/6401

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.8%

JSON

Related for CVE-2008-0429

prion1 cvelist1 nvd1