Lucene search

[email protected]CVE-2008-3386

HistoryJul 30, 2008 - 6:41 p.m.

CVE-2008-3386

2008-07-3018:41:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

alstrasoft video share enterprise

cve-2008-3386

nvd

security vulnerability

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

36.9%

JSON

SQL injection vulnerability in album.php in AlstraSoft Video Share Enterprise 4.51 allows remote attackers to execute arbitrary SQL commands via the UID parameter, a different vector than CVE-2007-4086.

CPENameOperatorVersion
alstrasoft:video_share_enterprisealstrasoft video share enterpriseeq4.51

CPE	Name	Operator	Version
alstrasoft:video_share_enterprise	alstrasoft video share enterprise	eq	4.51

References

secunia.com/advisories/31134

securityreason.com/securityalert/4075

www.securityfocus.com/bid/30272

exchange.xforce.ibmcloud.com/vulnerabilities/43861

www.exploit-db.com/exploits/6092

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

36.9%

JSON

Related for CVE-2008-3386

prion2 cve1