Lucene search

[email protected]CVE-2008-5226

HistoryNov 25, 2008 - 7:30 p.m.

CVE-2008-5226

2008-11-2519:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-5226

mambads

sql injection

mambo

security vulnerability

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

43.0%

JSON

SQL injection vulnerability in the MambAds (com_mambads) component 1.0 RC1 Beta and 1.0 RC1 for Mambo allows remote attackers to execute arbitrary SQL commands via the ma_cat parameter in a view action to index.php, a different vector than CVE-2007-5177.

CPENameOperatorVersion
mambads:mambadsmambadseq1.0
mambo:mambomamboeq*

CPE	Name	Operator	Version
mambads:mambads	mambads	eq	1.0
mambo:mambo	mambo	eq	*

References

securityreason.com/securityalert/4630

www.securityfocus.com/bid/29433

exchange.xforce.ibmcloud.com/vulnerabilities/42747

www.exploit-db.com/exploits/5692

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

43.0%

JSON

Related for CVE-2008-5226

prion2 cve1