Lucene search

[email protected]CVE-2008-2642

HistoryJun 10, 2008 - 6:32 p.m.

CVE-2008-2642

2008-06-1018:32:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-2642

sql injection

otomigenx 2.2

security vulnerability

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.0%

JSON

SQL injection vulnerability in login.php in OtomiGenX 2.2 allows remote attackers to execute arbitrary SQL commands via the userAccount parameter (aka the User Name field) to index.php. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

kmrg-itbotomigenxMatch2.2

CPENameOperatorVersion
kmrg-itb:otomigenxkmrg-itb otomigenxeq2.2

CPE	Name	Operator	Version
kmrg-itb:otomigenx	kmrg-itb otomigenx	eq	2.2

References

secunia.com/advisories/30504

securityreason.com/securityalert/3932

www.securityfocus.com/archive/1/492914/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/42795

exchange.xforce.ibmcloud.com/vulnerabilities/42817

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.0%

JSON

Related for CVE-2008-2642

prion1 nvd1 cvelist1