Lucene search

[email protected]CVE-2008-2626

HistoryJun 10, 2008 - 12:32 a.m.

CVE-2008-2626

2008-06-1000:32:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-2626

sql injection

battle blog 1.25

remote attackers

nvd

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.3%

JSON

SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter.

CPENameOperatorVersion
battleblog:battleblogbattleblogeq1.20
battleblog:battleblogbattleblogeq1.0d
battleblog:battleblogbattleblogle1.25
battleblog:battleblogbattleblogeq1.05

CPE	Name	Operator	Version
battleblog:battleblog	battleblog	eq	1.20
battleblog:battleblog	battleblog	eq	1.0d
battleblog:battleblog	battleblog	le	1.25
battleblog:battleblog	battleblog	eq	1.05

References

secunia.com/advisories/30503

www.davethewebguy.com/battleblog/article.asp?entry=24

www.securityfocus.com/bid/29507

www.vupen.com/english/advisories/2008/1737/references

exchange.xforce.ibmcloud.com/vulnerabilities/42818

www.exploit-db.com/exploits/5731

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.3%

JSON

Related for CVE-2008-2626

cvelist2 prion2 cve1