Lucene search

[email protected]CVE-2008-5273

HistoryNov 28, 2008 - 7:00 p.m.

CVE-2008-5273

2008-11-2819:00:08

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

vulnerability

viewnews.asp

todd woolums

asp news management 2.2

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.0%

JSON

SQL injection vulnerability in viewnews.asp in Todd Woolums ASP News Management 2.2 allows remote attackers to execute arbitrary SQL commands via the newsID parameter.

Affected configurations

NVD

Node

toddwoolumstodd_woolums_asp_news_managementMatch2.2

CPENameOperatorVersion
toddwoolums:todd_woolums_asp_news_managementtoddwoolums todd woolums asp news managementeq2.2

CPE	Name	Operator	Version
toddwoolums:todd_woolums_asp_news_management	toddwoolums todd woolums asp news management	eq	2.2

References

secunia.com/advisories/30593

securityreason.com/securityalert/4658

www.securityfocus.com/bid/29638

exchange.xforce.ibmcloud.com/vulnerabilities/42964

www.exploit-db.com/exploits/5781

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.0%

JSON

Related for CVE-2008-5273

nvd1 prion1 cvelist1