Lucene search

[email protected]CVE-2008-1868

HistoryApr 17, 2008 - 7:05 p.m.

CVE-2008-1868

2008-04-1719:05:00

CWE-287

[email protected]

web.nvd.nist.gov

cve-2008-1868

blog pixel motion

authentication bypass

remote attack

database backup dump

sensitive information

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.1%

JSON

admin/sauvBase.php in Blog Pixel Motion (aka Blog PixelMotion) does not require authentication, which allows remote attackers to trigger a database backup dump, and obtain the resulting blogPM.sql file that contains sensitive information.

CPENameOperatorVersion
pixel_motion:pixel_motion_blogpixel motion pixel motion blogeq*

CPE	Name	Operator	Version
pixel_motion:pixel_motion_blog	pixel motion pixel motion blog	eq	*

References

www.vupen.com/english/advisories/2008/1121/references

exchange.xforce.ibmcloud.com/vulnerabilities/41671

www.exploit-db.com/exploits/5380

7.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

81.1%

JSON

Related for CVE-2008-1868

cvelist1 prion1