Lucene search

MitreCVE-2008-4897

HistoryNov 04, 2008 - 12:58 a.m.

CVE-2008-4897

2008-11-0400:58:40

CWE-89

mitre

web.nvd.nist.gov

sql injection

logz podcast cms

nvd

cve-2008-4897

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.003

Percentile

67.9%

JSON

SQL injection vulnerability in fichiers/add_url.php in Logz podcast CMS 1.3.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the art parameter.

Affected configurations

Nvd

Node

logzlogzMatch1.3.1

VendorProductVersionCPE
logzlogz1.3.1cpe:2.3:a:logz:logz:1.3.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
logz	logz	1.3.1	cpe:2.3:a:logz:logz:1.3.1:::::::*

References

packetstormsecurity.org/0810-exploits/logzpodcast-sql.txt

secunia.com/advisories/32542

securityreason.com/securityalert/4546

securityreason.com/securityalert/4555

www.securityfocus.com/bid/32022

exchange.xforce.ibmcloud.com/vulnerabilities/46257

www.exploit-db.com/exploits/6896

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.003

Percentile

67.9%

JSON

Related for CVE-2008-4897