Lucene search

[email protected]CVE-2008-3185

HistoryJul 15, 2008 - 10:41 p.m.

CVE-2008-3185

2008-07-1522:41:00

CWE-89

[email protected]

web.nvd.nist.gov

cve

sql injection

index.php

remote attackers

arbitrary sql commands

listings action

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

66.2%

JSON

SQL injection vulnerability in index.php in Relative Real Estate Systems 3.0 and earlier allows remote attackers to execute arbitrary SQL commands via the listing_id parameter in a listings action.

Affected configurations

NVD

Node

vclcomponentsrelative_real_estate_systemsRange≤3.0

CPENameOperatorVersion
vclcomponents:relative_real_estate_systemsvclcomponents relative real estate systemsle3.0

CPE	Name	Operator	Version
vclcomponents:relative_real_estate_systems	vclcomponents relative real estate systems	le	3.0

References

e-rdc.org/v1/news.php?readmore=101

securityreason.com/securityalert/4002

www.securityfocus.com/archive/1/493663/100/0/threaded

www.securityfocus.com/bid/29915

www.vupen.com/english/advisories/2008/1926/references

exchange.xforce.ibmcloud.com/vulnerabilities/43316

www.exploit-db.com/exploits/5924

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

66.2%

JSON

Related for CVE-2008-3185

prion1 cvelist1 nvd1