Lucene search

MitreCVE-2008-4605

HistoryOct 18, 2008 - 12:18 a.m.

CVE-2008-4605

2008-10-1800:18:53

CWE-89

mitre

web.nvd.nist.gov

cve-2008-4605

sql injection

cafeengine

remote attackers

arbitrary commands

dish.php

menu.php

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.002

Percentile

58.5%

JSON

SQL injection vulnerability in CafeEngine allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) dish.php and (2) menu.php.

Affected configurations

Nvd

Node

cafeengineeasycafeengineMatch1.1

VendorProductVersionCPE
cafeengineeasycafeengine1.1cpe:2.3:a:cafeengine:easycafeengine:1.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
cafeengine	easycafeengine	1.1	cpe:2.3:a:cafeengine:easycafeengine:1.1:::::::*

References

secunia.com/advisories/32308

securityreason.com/securityalert/4434

www.securityfocus.com/bid/31786

exchange.xforce.ibmcloud.com/vulnerabilities/45929

www.exploit-db.com/exploits/6762

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.002

Percentile

58.5%

JSON

Related for CVE-2008-4605