Lucene search

[email protected]CVE-2008-1351

HistoryMar 17, 2008 - 4:44 p.m.

CVE-2008-1351

2008-03-1716:44:00

CWE-89

[email protected]

web.nvd.nist.gov

xoops

tutorials 2.1b

sql injection

cve-2008-1351

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.7%

JSON

SQL injection vulnerability in the Tutorials 2.1b module for XOOPS allows remote attackers to execute arbitrary SQL commands via the tid parameter to printpage.php, which is accessible directly or through a printpage action to index.php.

Affected configurations

NVD

Node

xoopstutoriais_moduleMatch2.1b

CPENameOperatorVersion
xoops:tutoriais_modulexoops tutoriais moduleeq2.1b

CPE	Name	Operator	Version
xoops:tutoriais_module	xoops tutoriais module	eq	2.1b

References

secunia.com/advisories/29358

www.securityfocus.com/bid/28230

www.exploit-db.com/exploits/5245

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.7%

JSON

Related for CVE-2008-1351

cvelist1 prion1 nvd1