Lucene search

MitreCVE-2008-3491

HistoryAug 06, 2008 - 5:41 p.m.

CVE-2008-3491

2008-08-0617:41:00

CWE-89

mitre

web.nvd.nist.gov

cve-2008-3491

sql injection

go.php

scripts24

ipost 1.0.1

itgp 1.0.4

remote execution

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.013

Percentile

86.0%

JSON

SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action.

Affected configurations

Nvd

Node

scripts24ipostMatch1.0.1

scripts24itgpMatch1.0.4

VendorProductVersionCPE
scripts24ipost1.0.1cpe:2.3:a:scripts24:ipost:1.0.1:*:*:*:*:*:*:*
scripts24itgp1.0.4cpe:2.3:a:scripts24:itgp:1.0.4:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
scripts24	ipost	1.0.1	cpe:2.3:a:scripts24:ipost:1.0.1:::::::*
scripts24	itgp	1.0.4	cpe:2.3:a:scripts24:itgp:1.0.4:::::::*

References

osvdb.org/47333

secunia.com/advisories/31344

secunia.com/advisories/31345

securityreason.com/securityalert/4117

www.securityfocus.com/bid/30504

www.securityfocus.com/bid/30505

exchange.xforce.ibmcloud.com/vulnerabilities/44175

exchange.xforce.ibmcloud.com/vulnerabilities/44176

www.exploit-db.com/exploits/6185

www.exploit-db.com/exploits/6186

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.013

Percentile

86.0%

JSON

Related for CVE-2008-3491