Lucene search

[email protected]CVE-2008-4205

HistorySep 24, 2008 - 2:56 p.m.

CVE-2008-4205

2008-09-2414:56:52

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

security vulnerability

attachmax dolphin 2.1.0

remote attackers

arbitrary sql commands

search.php

index.php

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.1%

JSON

SQL injection vulnerability in search.php Attachmax Dolphin 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the category parameter in a Search action to index.php. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

attachmaxdolphinMatch2.1.0

CPENameOperatorVersion
attachmax:dolphinattachmax dolphineq2.1.0

CPE	Name	Operator	Version
attachmax:dolphin	attachmax dolphin	eq	2.1.0

References

e-rdc.org/v1/news.php?readmore=108

osvdb.org/48270

secunia.com/advisories/31794

securityreason.com/securityalert/4307

www.securityfocus.com/archive/1/496427/100/0/threaded

www.securityfocus.com/bid/31207

www.exploit-db.com/exploits/6468

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.3 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

68.1%

JSON

Related for CVE-2008-4205

prion1 cvelist1 nvd1