Lucene search

[email protected]CVE-2008-4178

HistorySep 23, 2008 - 3:25 p.m.

CVE-2008-4178

2008-09-2315:25:42

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

tr.php

downlinegoldmine

special category addon

downline builder pro

new addon

downline goldmine builder

vulnerability

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.6%

JSON

SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

downline_goldminebuilder

downline_goldminebuilderMatchspecial_category_addon

downline_goldminebuilderMatchunknownunknownpro

downline_goldminenew_addon

downline_goldminenew_addonMatchpro

CPENameOperatorVersion
downline_goldmine:builderdownline goldmine buildereq*
downline_goldmine:builderdownline goldmine buildereqspecial_category_addon
downline_goldmine:builderdownline goldmine builderequnknown
downline_goldmine:new_addondownline goldmine new addoneq*
downline_goldmine:new_addondownline goldmine new addoneqpro

CPE	Name	Operator	Version
downline_goldmine:builder	downline goldmine builder	eq	*
downline_goldmine:builder	downline goldmine builder	eq	special_category_addon
downline_goldmine:builder	downline goldmine builder	eq	unknown
downline_goldmine:new_addon	downline goldmine new addon	eq	*
downline_goldmine:new_addon	downline goldmine new addon	eq	pro

References

packetstorm.linuxsecurity.com/0809-exploits/categoryaddon-sql.txt

packetstorm.linuxsecurity.com/0809-exploits/downline-sql.txt

packetstormsecurity.org/0809-exploits/newdownline-sql.txt

secunia.com/advisories/31812

www.securityfocus.com/bid/31169

www.vupen.com/english/advisories/2008/2992

www.vupen.com/english/advisories/2008/2993

www.vupen.com/english/advisories/2008/2994

www.vupen.com/english/advisories/2008/2995

exchange.xforce.ibmcloud.com/vulnerabilities/45128

www.exploit-db.com/exploits/6946

www.exploit-db.com/exploits/6947

www.exploit-db.com/exploits/6950

www.exploit-db.com/exploits/6951

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

77.6%

JSON

Related for CVE-2008-4178

cvelist1 nvd1 prion1