Lucene search
HistoryNov 04, 2008 - 12:58 a.m.
CVE-2008-4904
cve-2008-4904
sql injection
typo
manage pages
authentication
remote execution
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
8 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
51.9%
SQL injection vulnerability in the “Manage pages” feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with “blog publisher” rights to execute arbitrary SQL commands via the search[published_at] parameter.
Affected configurations
Node
typospheretypoRange≤5.1.3
ORtypospheretypoMatch1.6
ORtypospheretypoMatch1.6.8
ORtypospheretypoMatch2.0.0
ORtypospheretypoMatch2.0.1
ORtypospheretypoMatch2.0.5
ORtypospheretypoMatch2.0.6
ORtypospheretypoMatch2.5.0
ORtypospheretypoMatch2.5.1
ORtypospheretypoMatch2.5.2
ORtypospheretypoMatch2.5.3
ORtypospheretypoMatch2.5.4
ORtypospheretypoMatch2.5.5
ORtypospheretypoMatch2.5.6
ORtypospheretypoMatch2.5.7
ORtypospheretypoMatch2.5.8
ORtypospheretypoMatch2.6.0
ORtypospheretypoMatch3.99.0
ORtypospheretypoMatch3.99.1
ORtypospheretypoMatch3.99.2
ORtypospheretypoMatch3.99.3
ORtypospheretypoMatch3.99.4
ORtypospheretypoMatch4.0.0
ORtypospheretypoMatch4.1.1
ORtypospheretypoMatch5.0.2
ORtypospheretypoMatch5.0.3
ORtypospheretypoMatch5.0.3.98
ORtypospheretypoMatch5.0.3.98.1
ORtypospheretypoMatch5.1
ORtypospheretypoMatch5.1.1
ORtypospheretypoMatch5.1.2
Related
ubuntucve
ubuntucve
CVE-2008-4904
2008-11-04 00:00:00
prion
prion
Sql injection
2008-11-04 00:58:00
cvelist
cvelist
CVE-2008-4904
2008-11-04 00:00:00
nvd
nvd
CVE-2008-4904
2008-11-04 00:58:40
6 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:S/C:P/I:P/A:P
8 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
51.9%
Related for CVE-2008-4904