Lucene search

MitreCVE-2008-4354

HistorySep 30, 2008 - 6:15 p.m.

CVE-2008-4354

2008-09-3018:15:08

CWE-89

mitre

web.nvd.nist.gov

cve-2008-4354

netart media

iboutique

sql injection

products module

index.php

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.001

Percentile

37.5%

JSON

SQL injection vulnerability in the products module in NetArt Media iBoutique 4.0 allows remote attackers to execute arbitrary SQL commands via the cat parameter to index.php.

Affected configurations

Nvd

Node

net_art_mediaiboutiqueMatch4.0

VendorProductVersionCPE
net_art_mediaiboutique4.0cpe:2.3:a:net_art_media:iboutique:4.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
net_art_media	iboutique	4.0	cpe:2.3:a:net_art_media:iboutique:4.0:::::::*

References

secunia.com/advisories/31871

www.securityfocus.com/bid/31159

www.vupen.com/english/advisories/2008/2561

exchange.xforce.ibmcloud.com/vulnerabilities/45110

www.exploit-db.com/exploits/6444

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.001

Percentile

37.5%

JSON

Related for CVE-2008-4354