Lucene search

[email protected]CVE-2008-4524

HistoryOct 09, 2008 - 6:14 p.m.

CVE-2008-4524

2008-10-0918:14:15

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

vulnerability

check user

adaptcms lite

adaptcms pro 1.3

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.9%

JSON

SQL injection vulnerability in the “Check User” feature (includes/check_user.php) in AdaptCMS Lite and AdaptCMS Pro 1.3 allows remote attackers to execute arbitrary SQL commands via the user_name parameter.

Affected configurations

NVD

Node

adaptcmsadaptcmsMatch1.3unknownlite

adaptcmsadaptcmsMatch1.3unknownpro

CPENameOperatorVersion
adaptcms:adaptcmsadaptcmseq1.3

CPE	Name	Operator	Version
adaptcms:adaptcms	adaptcms	eq	1.3

References

secunia.com/advisories/32171

securityreason.com/securityalert/4392

www.adaptcms.com/article/51/News/URGENT-AdaptCMS-13-Security-Fix-Released/

www.securityfocus.com/bid/31557

exchange.xforce.ibmcloud.com/vulnerabilities/45642

www.exploit-db.com/exploits/6662

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

75.9%

JSON

Related for CVE-2008-4524

prion1 cvelist1 nvd1