Lucene search

[email protected]CVE-2008-4487

HistoryOct 08, 2008 - 2:00 a.m.

CVE-2008-4487

2008-10-0802:00:01

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-4487

sql injection

atarone cms

vulnerability

remote attackers

arbitrary sql commands

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.9%

JSON

SQL injection vulnerability in ap-save.php in Atarone CMS 1.2.0 allows remote attackers to execute arbitrary SQL commands via the (1) site_name, (2) email, (3) theme_chosen, (4) hp, (5) c_meta, (6) id, and (7) c_js parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected configurations

NVD

Node

ataroneataroneMatch1.2.0

CPENameOperatorVersion
atarone:ataroneataroneeq1.2.0

CPE	Name	Operator	Version
atarone:atarone	atarone	eq	1.2.0

References

secunia.com/advisories/32100

www.securityfocus.com/bid/31610

exchange.xforce.ibmcloud.com/vulnerabilities/45704

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

49.9%

JSON

Related for CVE-2008-4487

cvelist1 prion1 nvd1