Lucene search

[email protected]CVE-2008-0686

HistoryFeb 12, 2008 - 1:00 a.m.

CVE-2008-0686

2008-02-1201:00:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-0686

sql injection

neoreferences

joomla

index.php

catid parameter

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

SQL injection vulnerability in index.php in the NeoReferences (com_neoreferences) 1.3.1 and 1.3.3 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the catid parameter.

Affected configurations

NVD

Node

joomlacom_neoreferencesMatch1.3.1

joomlacom_neoreferencesMatch1.3.3

mambocom_neoreferencesMatch1.3.1

mambocom_neoreferencesMatch1.3.3

CPENameOperatorVersion
joomla:com_neoreferencesjoomla com neoreferenceseq1.3.1
joomla:com_neoreferencesjoomla com neoreferenceseq1.3.3
mambo:com_neoreferencesmambo com neoreferenceseq1.3.1
mambo:com_neoreferencesmambo com neoreferenceseq1.3.3

CPE	Name	Operator	Version
joomla:com_neoreferences	joomla com neoreferences	eq	1.3.1
joomla:com_neoreferences	joomla com neoreferences	eq	1.3.3
mambo:com_neoreferences	mambo com neoreferences	eq	1.3.1
mambo:com_neoreferences	mambo com neoreferences	eq	1.3.3

References

secunia.com/advisories/28736

www.securityfocus.com/bid/27564

exchange.xforce.ibmcloud.com/vulnerabilities/40167

www.exploit-db.com/exploits/5034

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

Related for CVE-2008-0686

nvd1 cvelist1 prion1