Lucene search

[email protected]CVE-2008-1968

HistoryApr 27, 2008 - 6:05 p.m.

CVE-2008-1968

2008-04-2718:05:00

CWE-89

[email protected]

web.nvd.nist.gov

cve

2008

1968

sql injection

cezanne 7

remote authenticated users

funid parameter

nvd

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.1%

JSON

Multiple SQL injection vulnerabilities in Cezanne 7 allow remote authenticated users to execute arbitrary SQL commands via the FUNID parameter to (1) CFLookup.asp and (2) CznCommon/CznCustomContainer.asp.

Affected configurations

NVD

Node

cezanneswcezanneMatch7

CPENameOperatorVersion
cezannesw:cezannecezannesw cezanneeq7

CPE	Name	Operator	Version
cezannesw:cezanne	cezannesw cezanne	eq	7

References

securityreason.com/securityalert/3830

www.s21sec.com/avisos/s21sec-43-en.txt

www.securityfocus.com/archive/1/490843/100/0/threaded

www.securityfocus.com/bid/28773

exchange.xforce.ibmcloud.com/vulnerabilities/41816

6 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.1%

JSON

Related for CVE-2008-1968

cvelist1 nvd1 prion1