Lucene search

[email protected]CVE-2008-4078

HistorySep 15, 2008 - 3:14 p.m.

CVE-2008-4078

2008-09-1515:14:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-4078

sql injection

ledgersmb

sql-ledger

vulnerability

nvd

remote authenticated users

arbitrary sql commands

8.1 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.5%

JSON

SQL injection vulnerability in the AR/AP transaction report in (1) LedgerSMB (LSMB) before 1.2.15 and (2) SQL-Ledger 2.8.17 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.

CPENameOperatorVersion
sql-ledger:sql-ledgersql-ledgerle2.8.17
ledgersmb:ledgersmbledgersmblt1.2.15

CPE	Name	Operator	Version
sql-ledger:sql-ledger	sql-ledger	le	2.8.17
ledgersmb:ledgersmb	ledgersmb	lt	1.2.15

References

secunia.com/advisories/31843

securityreason.com/securityalert/4250

sourceforge.net/project/shownotes.php?group_id=175965&release_id=624978

www.securityfocus.com/archive/1/496181/100/0/threaded

www.securityfocus.com/bid/31109

exchange.xforce.ibmcloud.com/vulnerabilities/45034

8.1 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.004 Low

EPSS

Percentile

73.5%

JSON

Related for CVE-2008-4078

debiancve1 cvelist1 prion1 ubuntucve1