Lucene search

[email protected]CVE-2008-2177

HistoryMay 13, 2008 - 10:20 p.m.

CVE-2008-2177

2008-05-1322:20:00

CWE-89

[email protected]

web.nvd.nist.gov

cve

sql injection

phpdirectorysource

security vulnerability

8.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.1%

JSON

Multiple SQL injection vulnerabilities in phpDirectorySource 1.1.06, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) lid parameter to show.php and the (2) login parameter to admin.php.

Affected configurations

NVD

Node

php_directory_sourcephpdirectorysourceMatch1.1.06

CPENameOperatorVersion
php_directory_source:phpdirectorysourcephp directory source phpdirectorysourceeq1.1.06

CPE	Name	Operator	Version
php_directory_source:phpdirectorysource	php directory source phpdirectorysource	eq	1.1.06

References

secunia.com/advisories/30056

www.securityfocus.com/bid/29039

www.vupen.com/english/advisories/2008/1432/references

exchange.xforce.ibmcloud.com/vulnerabilities/42212

exchange.xforce.ibmcloud.com/vulnerabilities/42213

www.exploit-db.com/exploits/5537

8.5 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

57.1%

JSON

Related for CVE-2008-2177

cvelist1 prion1 nvd1