Lucene search

K
cveMitreCVE-2008-0739
HistoryFeb 13, 2008 - 1:00 a.m.

CVE-2008-0739

2008-02-1301:00:00
CWE-89
mitre
web.nvd.nist.gov
22
sql injection
candypress
admin
sa_shipfedexmeter.asp
fedexaccount
nvd
cve-2008-0739

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.001

Percentile

41.9%

SQL injection vulnerability in admin/SA_shipFedExMeter.asp in CandyPress (CP) 4.1.1.26, and earlier 4.x and 3.x versions, allows remote attackers to execute arbitrary SQL commands via the FedExAccount parameter.

Affected configurations

Nvd
Node
shoppingtreecandypress_storeRange4.1
OR
shoppingtreecandypress_storeMatch4.1.1.26
VendorProductVersionCPE
shoppingtreecandypress_store*cpe:2.3:a:shoppingtree:candypress_store:*:*:*:*:*:*:*:*
shoppingtreecandypress_store4.1.1.26cpe:2.3:a:shoppingtree:candypress_store:4.1.1.26:*:*:*:*:*:*:*

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.001

Percentile

41.9%

Related for CVE-2008-0739