Lucene search

[email protected]CVE-2008-1957

HistoryApr 25, 2008 - 7:05 p.m.

CVE-2008-1957

2008-04-2519:05:00

CWE-89

[email protected]

web.nvd.nist.gov

cve

2008

1957

sql injection

tr script news 2.1

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.0%

JSON

SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode.

Affected configurations

NVD

Node

easyscriptstr_script_newsMatch2.1

CPENameOperatorVersion
easyscripts:tr_script_newseasyscripts tr script newseq2.1

CPE	Name	Operator	Version
easyscripts:tr_script_news	easyscripts tr script news	eq	2.1

References

secunia.com/advisories/29814

www.securityfocus.com/bid/28876

www.vupen.com/english/advisories/2008/1319/references

exchange.xforce.ibmcloud.com/vulnerabilities/41946

www.exploit-db.com/exploits/5483

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.0%

JSON

Related for CVE-2008-1957

cvelist1 nvd1 prion1