Lucene search

[email protected]CVE-2008-4377

HistoryOct 01, 2008 - 3:38 p.m.

CVE-2008-4377

2008-10-0115:38:36

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-4377

sql injection

index.asp

creative mind creator cms 5.0

remote attackers

arbitrary sql commands

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.5%

JSON

SQL injection vulnerability in index.asp in Creative Mind Creator CMS 5.0 allows remote attackers to execute arbitrary SQL commands via the sideid parameter.

Affected configurations

NVD

Node

creative_mindcreator_cmsMatch5.0

CPENameOperatorVersion
creative_mind:creator_cmscreative mind creator cmseq5.0

CPE	Name	Operator	Version
creative_mind:creator_cms	creative mind creator cms	eq	5.0

References

osvdb.org/47979

secunia.com/advisories/31819

securityreason.com/securityalert/4335

www.securityfocus.com/bid/31084

exchange.xforce.ibmcloud.com/vulnerabilities/44981

www.exploit-db.com/exploits/6405

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.5%

JSON

Related for CVE-2008-4377

prion1 nvd1 cvelist1