Lucene search

[email protected]CVE-2008-0538

HistoryFeb 01, 2008 - 8:00 p.m.

CVE-2008-0538

2008-02-0120:00:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

phpip management

vulnerability

remote attack

nvd

cve-2008-0538

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.0%

JSON

Multiple SQL injection vulnerabilities in phpIP Management 4.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) password parameter to login.php, the (2) id parameter to display.php, and unspecified other vectors. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

phpipphpip_managementMatch4.3.2

CPENameOperatorVersion
phpip:phpip_managementphpip phpip managementeq4.3.2

CPE	Name	Operator	Version
phpip:phpip_management	phpip phpip management	eq	4.3.2

References

marc.info/?l=full-disclosure&m=120139657100513&w=2

secunia.com/advisories/28656

www.securityfocus.com/archive/1/487122/100/0/threaded

www.securityfocus.com/bid/27468

www.vupen.com/english/advisories/2008/0346

exchange.xforce.ibmcloud.com/vulnerabilities/39965

www.exploit-db.com/exploits/4990

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.0%

JSON

Related for CVE-2008-0538

prion1 openvas1 cvelist1 nvd1