Lucene search

[email protected]CVE-2008-1272

HistoryMar 10, 2008 - 11:44 p.m.

CVE-2008-1272

2008-03-1023:44:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-1272

sql injection

bm classifieds

remote attackers

security vulnerabilities

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.4%

JSON

Multiple SQL injection vulnerabilities in BM Classifieds 20080309 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) cat parameter to showad.php and the (2) ad parameter to pfriendly.php.

Affected configurations

NVD

Node

bmscriptsbm_classifiedsRange≤20080309

CPENameOperatorVersion
bmscripts:bm_classifiedsbmscripts bm classifiedsle20080309

CPE	Name	Operator	Version
bmscripts:bm_classifieds	bmscripts bm classifieds	le	20080309

References

secunia.com/advisories/29297

www.securityfocus.com/bid/28159

exchange.xforce.ibmcloud.com/vulnerabilities/41066

www.exploit-db.com/exploits/5223

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.4%

JSON

Related for CVE-2008-1272

prion1 nvd1 cvelist1