Lucene search

[email protected]CVE-2008-2087

HistoryMay 06, 2008 - 3:20 p.m.

CVE-2008-2087

2008-05-0615:20:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-2087

sql injection

softbiz

web host directory script

nvd

8.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

66.1%

JSON

SQL injection vulnerability in search_result.php in Softbiz Web Host Directory Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the host_id parameter, a different vector than CVE-2005-3817.

CPENameOperatorVersion
softbiz:web_hosting_directory_scriptsoftbiz web hosting directory scripteq*

CPE	Name	Operator	Version
softbiz:web_hosting_directory_script	softbiz web hosting directory script	eq	*

References

advisories.echo.or.id/adv/adv89-K-159-2008.txt

secunia.com/advisories/29983

securityreason.com/securityalert/3855

www.securityfocus.com/archive/1/491396/100/0/threaded

www.securityfocus.com/bid/28971

exchange.xforce.ibmcloud.com/vulnerabilities/42096

www.exploit-db.com/exploits/5517

8.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

66.1%

JSON

Related for CVE-2008-2087

prion1 cvelist2 cve1