Lucene search

[email protected]CVE-2008-1613

HistoryApr 22, 2008 - 4:41 a.m.

CVE-2008-1613

2008-04-2204:41:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-1613

sql injection

reddot cms

nvd

remote attackers

lngid parameter

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.0%

JSON

SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0.48, and possibly other versions including 6.5 and 7.0, allows remote attackers to execute arbitrary SQL commands via the LngId parameter.

CPENameOperatorVersion
reddot:cmsreddot cmseq6.5
reddot:cmsreddot cmseq7.5
reddot:cmsreddot cmseq7.0

CPE	Name	Operator	Version
reddot:cms	reddot cms	eq	6.5
reddot:cms	reddot cms	eq	7.5
reddot:cms	reddot cms	eq	7.0

References

secunia.com/advisories/29843

www.irmplc.com/index.php/167-Advisory-026

www.securityfocus.com/archive/1/491139/100/0/threaded

www.securityfocus.com/bid/28872

exchange.xforce.ibmcloud.com/vulnerabilities/41924

www.exploit-db.com/exploits/5482

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

65.0%

JSON

Related for CVE-2008-1613

securityvulns2 seebug1 packetstorm2 prion1