Lucene search

[email protected]CVE-2008-2203

HistoryMay 14, 2008 - 5:20 p.m.

CVE-2008-2203

2008-05-1417:20:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-2203

sql injection

maian search 1.1

remote attackers

arbitrary commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.9%

JSON

SQL injection vulnerability in search.php in Maian Search 1.1 allows remote attackers to execute arbitrary SQL commands via the keywords parameter in a search action.

Affected configurations

NVD

Node

maianscriptworldmaian_searchMatch1.1

CPENameOperatorVersion
maianscriptworld:maian_searchmaianscriptworld maian searcheq1.1

CPE	Name	Operator	Version
maianscriptworld:maian_search	maianscriptworld maian search	eq	1.1

References

securityreason.com/securityalert/3883

www.securityfocus.com/archive/1/491586/100/0/threaded

www.securityfocus.com/bid/29032

exchange.xforce.ibmcloud.com/vulnerabilities/42196

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

50.9%

JSON

Related for CVE-2008-2203

nvd1 prion1 cvelist1