Lucene search

[email protected]CVE-2008-5434

HistoryDec 11, 2008 - 3:30 p.m.

CVE-2008-5434

2008-12-1115:30:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

punbb

cve-2008-5434

vulnerability

remote authenticated admins

arbitrary commands

8.2 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.8%

JSON

Multiple SQL injection vulnerabilities in PunBB 1.3 and 1.3.1 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) order_by or (2) direction parameter to admin/users.php, or (3) configuration options to admin/settings.php.

Affected configurations

NVD

Node

punbbpunbbMatch1.3

punbbpunbbMatch1.3.1

CPENameOperatorVersion
punbb:punbbpunbbeq1.3
punbb:punbbpunbbeq1.3.1

CPE	Name	Operator	Version
punbb:punbb	punbb	eq	1.3
punbb:punbb	punbb	eq	1.3.1

References

punbb.informer.com/

punbb.informer.com/forums/topic/20475/punbb-132/

punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_at_adminusers.php_page

punbb.informer.com/wiki/punbb13/bugs#potential_sql-injections_in_adminsettings.php_via_configuration_values

secunia.com/advisories/33059

www.openwall.com/lists/oss-security/2008/12/09/3

exchange.xforce.ibmcloud.com/vulnerabilities/47185

8.2 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

Access Complexity

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

70.8%

JSON

Related for CVE-2008-5434

nvd1 prion1 cvelist1