Lucene search

[email protected]CVE-2008-2521

HistoryJun 03, 2008 - 3:32 p.m.

CVE-2008-2521

2008-06-0315:32:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-2521

sql injection

yabsoft

mega file hosting script

mfh

1.2

nvd

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.3%

JSON

SQL injection vulnerability in members.php in YABSoft Mega File Hosting Script (aka MFH or MFHS) 1.2 allows remote authenticated users to execute arbitrary SQL commands via the fid parameter.

Affected configurations

NVD

Node

yabsoftmega_file_hosting_scriptMatch1.2

CPENameOperatorVersion
yabsoft:mega_file_hosting_scriptyabsoft mega file hosting scripteq1.2

CPE	Name	Operator	Version
yabsoft:mega_file_hosting_script	yabsoft mega file hosting script	eq	1.2

References

secunia.com/advisories/30210

www.securityfocus.com/bid/29167

exchange.xforce.ibmcloud.com/vulnerabilities/42355

www.exploit-db.com/exploits/5598

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

38.3%

JSON

Related for CVE-2008-2521

nvd1 cvelist1 prion1