Lucene search

MitreCVE-2008-3749

HistoryAug 21, 2008 - 5:41 p.m.

CVE-2008-3749

2008-08-2117:41:00

CWE-89

mitre

web.nvd.nist.gov

sql injection

tr.php

yourfreeworld banner management script

vulnerability

remote attackers

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.003

Percentile

71.6%

JSON

SQL injection vulnerability in tr.php in YourFreeWorld Banner Management Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected configurations

Nvd

Node

yourfreeworldbanner_management_script

VendorProductVersionCPE
yourfreeworldbanner_management_script*cpe:2.3:a:yourfreeworld:banner_management_script:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
yourfreeworld	banner_management_script	*	cpe:2.3:a:yourfreeworld:banner_management_script::::::::

References

secunia.com/advisories/31542

securityreason.com/securityalert/4175

www.securityfocus.com/bid/30756

www.vupen.com/english/advisories/2008/2989

exchange.xforce.ibmcloud.com/vulnerabilities/44551

www.exploit-db.com/exploits/6276

www.exploit-db.com/exploits/6936

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.003

Percentile

71.6%

JSON

Related for CVE-2008-3749