Lucene search

[email protected]CVE-2008-5599

HistoryDec 16, 2008 - 7:07 p.m.

CVE-2008-5599

2008-12-1619:07:32

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-5599

sql injection

merlix

teamworx server

remote attackers

arbitrary sql commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

65.1%

JSON

SQL injection vulnerability in default.asp in Merlix Teamworx Server allows remote attackers to execute arbitrary SQL commands via the password parameter (aka passwd field) in a login action. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

merlixteamworx_serverMatch_nil_

CPENameOperatorVersion
merlix:teamworx_servermerlix teamworx servereqnil

CPE	Name	Operator	Version
merlix:teamworx_server	merlix teamworx server	eq	nil

References

secunia.com/advisories/33009

securityreason.com/securityalert/4757

www.securityfocus.com/bid/32660

exchange.xforce.ibmcloud.com/vulnerabilities/47126

www.exploit-db.com/exploits/7352

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

65.1%

JSON

Related for CVE-2008-5599

prion1 cvelist1 nvd1