Lucene search

[email protected]CVE-2008-3748

HistoryAug 21, 2008 - 5:41 p.m.

CVE-2008-3748

2008-08-2117:41:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-3748

sql injection

view_group.php

active php bookmarks

apb 1.1.02

apb 1.2.06

remote attackers

arbitrary sql commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.7%

JSON

SQL injection vulnerability in view_group.php in Active PHP Bookmarks (APB) 1.1.02 and 1.2.06 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected configurations

NVD

Node

lbstoneactive_php_bookmarksMatch1.1.02

lbstoneactive_php_bookmarksMatch1.2.06

lbstoneapbMatch1.1.02

lbstoneapbMatch1.2.06

CPENameOperatorVersion
lbstone:active_php_bookmarkslbstone active php bookmarkseq1.1.02
lbstone:active_php_bookmarkslbstone active php bookmarkseq1.2.06
lbstone:apblbstone apbeq1.1.02
lbstone:apblbstone apbeq1.2.06

CPE	Name	Operator	Version
lbstone:active_php_bookmarks	lbstone active php bookmarks	eq	1.1.02
lbstone:active_php_bookmarks	lbstone active php bookmarks	eq	1.2.06
lbstone:apb	lbstone apb	eq	1.1.02
lbstone:apb	lbstone apb	eq	1.2.06

References

secunia.com/advisories/31544

securityreason.com/securityalert/4174

www.securityfocus.com/bid/30757

exchange.xforce.ibmcloud.com/vulnerabilities/44548

www.exploit-db.com/exploits/6277

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.7%

JSON

Related for CVE-2008-3748

cvelist1 nvd1 prion1