Lucene search

[email protected]CVE-2008-2629

HistoryJun 10, 2008 - 12:32 a.m.

CVE-2008-2629

2008-06-1000:32:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-2629

sql injection

lifetype module

drupal

remote attackers

nvd

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

41.4%

JSON

SQL injection vulnerability in the LifeType (formerly pLog) module for Drupal allows remote attackers to execute arbitrary SQL commands via the albumId parameter in a ViewAlbum action to index.php.

Affected configurations

NVD

Node

drupaldrupal

AND

lifetypelifetype

CPENameOperatorVersion
lifetype:lifetypelifetypeeq*

CPE	Name	Operator	Version
lifetype:lifetype	lifetype	eq	*

References

www.securityfocus.com/bid/29495

exchange.xforce.ibmcloud.com/vulnerabilities/42808

www.exploit-db.com/exploits/5724

8.3 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

41.4%

JSON

Related for CVE-2008-2629

nessus1 cvelist1 prion1 nvd1