Lucene search

[email protected]CVE-2008-1631

HistoryApr 02, 2008 - 5:44 p.m.

CVE-2008-1631

2008-04-0217:44:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

cuteflow

vulnerability

index.php

security

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.8%

JSON

SQL injection vulnerability in login.php in CuteFlow 1.5.0 and 2.10.0 allows remote attackers to execute arbitrary SQL commands via the UserId parameter, related to the login form field in index.php.

Affected configurations

NVD

Node

emedia_office_gmbhcuteflowMatch1.5.0

emedia_office_gmbhcuteflowMatch2.10.0

CPENameOperatorVersion
emedia_office_gmbh:cuteflowemedia office gmbh cutefloweq1.5.0
emedia_office_gmbh:cuteflowemedia office gmbh cutefloweq2.10.0

CPE	Name	Operator	Version
emedia_office_gmbh:cuteflow	emedia office gmbh cuteflow	eq	1.5.0
emedia_office_gmbh:cuteflow	emedia office gmbh cuteflow	eq	2.10.0

References

secunia.com/advisories/29612

securityreason.com/securityalert/3792

www.securityfocus.com/archive/1/490305/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/41544

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.8%

JSON

Related for CVE-2008-1631

cvelist1 nvd1 prion1