Lucene search

[email protected]CVE-2008-1867

HistoryApr 17, 2008 - 7:05 p.m.

CVE-2008-1867

2008-04-1719:05:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-1867

sql injection

blog pixel motion

remote attackers

arbitrary commands

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

27.7%

JSON

SQL injection vulnerability in Blog Pixel Motion (aka Blog PixelMotion) allows remote attackers to execute arbitrary SQL commands via the categorie parameter to index.php, possibly related to include/requetesIndex.php.

Affected configurations

NVD

Node

pixel_motionpixel_motion_blog

CPENameOperatorVersion
pixel_motion:pixel_motion_blogpixel motion pixel motion blogeq*

CPE	Name	Operator	Version
pixel_motion:pixel_motion_blog	pixel motion pixel motion blog	eq	*

References

www.securityfocus.com/bid/28645

www.vupen.com/english/advisories/2008/1121/references

exchange.xforce.ibmcloud.com/vulnerabilities/41668

www.exploit-db.com/exploits/5382

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

27.7%

JSON

Related for CVE-2008-1867

nvd1 prion1 cvelist1