Lucene search
MitreCVE-2008-2023HistoryApr 30, 2008 - 12:05 p.m.
CVE-2008-2023
2008-04-3012:05:00
CWE-89
mitre
web.nvd.nist.gov
26
cve
sql injection
pd9 software
megabbs 2.2
remote attackers
arbitrary commands
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.5
Confidence
Low
EPSS
0.002
Percentile
56.6%
Multiple SQL injection vulnerabilities in PD9 Software MegaBBS 2.2 allow remote attackers to execute arbitrary SQL commands via the (1) invisible and (2) timeoffset parameters to profile/controlpanel.asp and the (3) attachmentid parameter to forums/attach-file.asp.
Affected configurations
Node
pd9_softwaremegabbsMatch2.2
| Vendor | Product | Version | CPE |
|---|---|---|---|
| pd9_software | megabbs | 2.2 | cpe:2.3:a:pd9_software:megabbs:2.2:*:*:*:*:*:*:* |
Related
prion
prion
Sql injection
2008-04-30 12:05:00
cvelist
cvelist
CVE-2008-2023
2008-04-30 10:00:00
nvd
nvd
CVE-2008-2023
2008-04-30 12:05:00
exploitdb
exploitdb
Megabbs Forum 2.2 - SQL Injection / Cross-Site Scripting
2008-04-27 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.5
Confidence
Low
EPSS
0.002
Percentile
56.6%
Related for CVE-2008-2023