Lucene search

[email protected]CVE-2008-5131

HistoryNov 18, 2008 - 11:30 a.m.

CVE-2008-5131

2008-11-1811:30:02

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-5131

sql injection

develop it easy

news and article system 1.4

remote attackers

arbitrary sql commands

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.8%

JSON

Multiple SQL injection vulnerabilities in Develop It Easy News And Article System 1.4 allow remote attackers to execute arbitrary SQL commands via (1) the aid parameter to article_details.php, and the (2) username and (3) password to the admin panel (admin/index.php).

Affected configurations

NVD

Node

develop_it_easynews_and_article_systemMatch1.4

CPENameOperatorVersion
develop_it_easy:news_and_article_systemdevelop it easy news and article systemeq1.4

CPE	Name	Operator	Version
develop_it_easy:news_and_article_system	develop it easy news and article system	eq	1.4

References

secunia.com/advisories/32595

securityreason.com/securityalert/4607

www.securityfocus.com/bid/32144

exchange.xforce.ibmcloud.com/vulnerabilities/46397

www.exploit-db.com/exploits/7014

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.8%

JSON

Related for CVE-2008-5131

prion1 cvelist1 nvd1