Lucene search

[email protected]CVE-2008-1350

HistoryMar 17, 2008 - 4:44 p.m.

CVE-2008-1350

2008-03-1716:44:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-1350

sql injection

kb.php

fully modded phpbb

phpbbfm

remote code execution

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.1%

JSON

SQL injection vulnerability in kb.php in Fully Modded phpBB (phpbbfm) 80220 allows remote attackers to execute arbitrary SQL commands via the k parameter in an article action.

Affected configurations

NVD

Node

fully_modded_phpbbfully_modded_phpbb

CPENameOperatorVersion
fully_modded_phpbb:fully_modded_phpbbfully modded phpbbeq*

CPE	Name	Operator	Version
fully_modded_phpbb:fully_modded_phpbb	fully modded phpbb	eq	*

References

secunia.com/advisories/29339

securityreason.com/securityalert/3745

www.securityfocus.com/archive/1/489468/100/0/threaded

www.securityfocus.com/bid/28225

exchange.xforce.ibmcloud.com/vulnerabilities/41192

www.exploit-db.com/exploits/5243

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.1%

JSON

Related for CVE-2008-1350

prion1 nvd1 cvelist1