Lucene search

[email protected]CVE-2008-2535

HistoryJun 03, 2008 - 3:32 p.m.

CVE-2008-2535

2008-06-0315:32:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-2535

sql injection

phoenix view cms

security vulnerability

remote attack

arbitrary sql commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.5%

JSON

Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and (5) todo.admin.php in admin/module/.

Affected configurations

NVD

Node

fkrauthanphoenix_view_cmsMatch2-pre-alpha

CPENameOperatorVersion
fkrauthan:phoenix_view_cmsfkrauthan phoenix view cmseq2-pre-alpha

CPE	Name	Operator	Version
fkrauthan:phoenix_view_cms	fkrauthan phoenix view cms	eq	2-pre-alpha

References

exchange.xforce.ibmcloud.com/vulnerabilities/42316

www.exploit-db.com/exploits/5578

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.5%

JSON

Related for CVE-2008-2535

prion1 nvd1 cvelist1