Lucene search
HistoryOct 21, 2008 - 1:18 a.m.
CVE-2008-4620
sql injection
mrbs
vulnerability
remote attackers
arbitrary commands
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.4 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
49.5%
SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.
Affected configurations
Node
mrbsmrbsRange≤1.2.6
ORmrbsmrbsMatch0.5
ORmrbsmrbsMatch0.6
ORmrbsmrbsMatch0.7
ORmrbsmrbsMatch0.8
ORmrbsmrbsMatch0.8pre1
ORmrbsmrbsMatch0.8pre2
ORmrbsmrbsMatch0.8pre3
ORmrbsmrbsMatch0.8pre4
ORmrbsmrbsMatch0.8pre5
ORmrbsmrbsMatch0.8pre6
ORmrbsmrbsMatch0.9pre-1
ORmrbsmrbsMatch0.9pre-2
ORmrbsmrbsMatch0.9.1
ORmrbsmrbsMatch0.9.2
ORmrbsmrbsMatch1.0
ORmrbsmrbsMatch1.0pre-1
ORmrbsmrbsMatch1.0pre-2
ORmrbsmrbsMatch1.1
ORmrbsmrbsMatch1.1pre-1
ORmrbsmrbsMatch1.1pre-2
ORmrbsmrbsMatch1.2
ORmrbsmrbsMatch1.2pre-1
ORmrbsmrbsMatch1.2pre-2
ORmrbsmrbsMatch1.2pre-3
ORmrbsmrbsMatch1.2.1
ORmrbsmrbsMatch1.2.2
ORmrbsmrbsMatch1.2.3
ORmrbsmrbsMatch1.2.4
ORmrbsmrbsMatch1.2.5
ORmrbsmrbsMatch1.2.6.1
Related
nessus
nessus
Meeting Room Booking System (MRBS) month.php area Parameter SQL Injection
2009-02-05 00:00:00
cvelist
cvelist
CVE-2008-4620
2008-10-21 00:00:00
nvd
nvd
CVE-2008-4620
2008-10-21 01:18:01
prion
prion
Sql injection
2008-10-21 01:18:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.4 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
49.5%
Related for CVE-2008-4620