Lucene search

[email protected]CVE-2008-3682

HistoryAug 14, 2008 - 7:41 p.m.

CVE-2008-3682

2008-08-1419:41:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-3682

sql injection

ypn php realty

remote code execution

docid parameter

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.0%

JSON

SQL injection vulnerability in dpage.php in YPN PHP Realty allows remote attackers to execute arbitrary SQL commands via the docID parameter.

Affected configurations

NVD

Node

ypnincphp_realty

CPENameOperatorVersion
ypninc:php_realtyypninc php realtyeq*

CPE	Name	Operator	Version
ypninc:php_realty	ypninc php realty	eq	*

References

packetstorm.linuxsecurity.com/0808-exploits/phprealty-sql.txt

secunia.com/advisories/31484

www.securityfocus.com/bid/30678

exchange.xforce.ibmcloud.com/vulnerabilities/44431

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.0%

JSON

Related for CVE-2008-3682

prion1 nvd1 cvelist1