Lucene search

MitreCVE-2008-5636

HistoryDec 17, 2008 - 5:30 p.m.

CVE-2008-5636

2008-12-1717:30:00

CWE-89

mitre

web.nvd.nist.gov

sql injection

cate.php

lito lite cms

remote attackers

cid parameter

security vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.008

Percentile

81.6%

JSON

SQL injection vulnerability in cate.php in Lito Lite CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.

Affected configurations

Nvd

Node

lovedesignerlito_lite_cmsMatch_nil_

VendorProductVersionCPE
lovedesignerlito_lite_cms_nil_cpe:2.3:a:lovedesigner:lito_lite_cms:_nil_:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
lovedesigner	lito_lite_cms	_nil_	cpe:2.3:a:lovedesigner:lito_lite_cms:_nil_:::::::*

References

secunia.com/advisories/32910

securityreason.com/securityalert/4779

www.securityfocus.com/bid/32538

www.vupen.com/english/advisories/2008/3300

exchange.xforce.ibmcloud.com/vulnerabilities/46923

www.exploit-db.com/exploits/7294

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.008

Percentile

81.6%

JSON

Related for CVE-2008-5636