Lucene search

[email protected]CVE-2008-1895

HistoryApr 18, 2008 - 10:05 p.m.

CVE-2008-1895

2008-04-1822:05:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

carbon communities

remote attackers

nvd

cve-2008-1895

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.4%

JSON

Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to events.asp, the (2) UserName parameter to getpassword.asp, and possibly an unspecified parameter to (3) option_Update.asp in an edit action.

Affected configurations

NVD

Node

carboncommunitiescarbon_communitiesRange≤2.4

carboncommunitiescarbon_communitiesMatch1.0

carboncommunitiescarbon_communitiesMatch1.1

carboncommunitiescarbon_communitiesMatch2.1

carboncommunitiescarbon_communitiesMatch2.2

carboncommunitiescarbon_communitiesMatch2.3

CPENameOperatorVersion
carboncommunities:carbon_communitiescarboncommunities carbon communitiesle2.4
carboncommunities:carbon_communitiescarboncommunities carbon communitieseq1.0
carboncommunities:carbon_communitiescarboncommunities carbon communitieseq1.1
carboncommunities:carbon_communitiescarboncommunities carbon communitieseq2.1
carboncommunities:carbon_communitiescarboncommunities carbon communitieseq2.2
carboncommunities:carbon_communitiescarboncommunities carbon communitieseq2.3

CPE	Name	Operator	Version
carboncommunities:carbon_communities	carboncommunities carbon communities	le	2.4
carboncommunities:carbon_communities	carboncommunities carbon communities	eq	1.0
carboncommunities:carbon_communities	carboncommunities carbon communities	eq	1.1
carboncommunities:carbon_communities	carboncommunities carbon communities	eq	2.1
carboncommunities:carbon_communities	carboncommunities carbon communities	eq	2.2
carboncommunities:carbon_communities	carboncommunities carbon communities	eq	2.3

References

bugreport.ir/index.php?/35

bugreport.ir/index.php?/35/exploit

secunia.com/advisories/29827

www.securityfocus.com/archive/1/490923/100/0/threaded

www.securityfocus.com/bid/28806

exchange.xforce.ibmcloud.com/vulnerabilities/41845

www.exploit-db.com/exploits/5456

8.6 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

72.4%

JSON

Related for CVE-2008-1895

cvelist1 nvd1 prion1