Lucene search

[email protected]CVE-2008-1961

HistoryApr 25, 2008 - 7:05 p.m.

CVE-2008-1961

2008-04-2519:05:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-1961

sql injection

index.php

voice of web

allmyguests 0.4.1

remote attackers

nvd

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

27.6%

JSON

SQL injection vulnerability in index.php in Voice Of Web AllMyGuests 0.4.1 allows remote attackers to execute arbitrary SQL commands via the AMG_id parameter in a comments action.

CPENameOperatorVersion
php_resource:voice_of_web_allmyguestsphp resource voice of web allmyguestseq0.4.1

CPE	Name	Operator	Version
php_resource:voice_of_web_allmyguests	php resource voice of web allmyguests	eq	0.4.1

References

www.securityfocus.com/bid/28850

exchange.xforce.ibmcloud.com/vulnerabilities/41910

www.exploit-db.com/exploits/5469

9.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

27.6%

JSON

Related for CVE-2008-1961

prion1 cvelist1