Lucene search
MitreCVE-2008-5940HistoryJan 22, 2009 - 11:30 a.m.
CVE-2008-5940
2009-01-2211:30:05
CWE-89
mitre
web.nvd.nist.gov
25
cve-2008-5940
sql injection
index.php
modx 0.9.6.2
remote code execution
searchid parameter
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
8.7
Confidence
Low
EPSS
0.008
Percentile
82.2%
SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the searchid parameter. NOTE: some of these details are obtained from third party information.
Affected configurations
Node
modxcmsmodxcmsRange≤0.9.6.2
ORmodxcmsmodxcmsMatch0.9.0
ORmodxcmsmodxcmsMatch0.9.1
ORmodxcmsmodxcmsMatch0.9.2.1
ORmodxcmsmodxcmsMatch0.9.5
ORmodxcmsmodxcmsMatch0.9.6
ORmodxcmsmodxcmsMatch0.9.6.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| modxcms | modxcms | * | cpe:2.3:a:modxcms:modxcms:*:*:*:*:*:*:*:* |
| modxcms | modxcms | 0.9.0 | cpe:2.3:a:modxcms:modxcms:0.9.0:*:*:*:*:*:*:* |
| modxcms | modxcms | 0.9.1 | cpe:2.3:a:modxcms:modxcms:0.9.1:*:*:*:*:*:*:* |
| modxcms | modxcms | 0.9.2.1 | cpe:2.3:a:modxcms:modxcms:0.9.2.1:*:*:*:*:*:*:* |
| modxcms | modxcms | 0.9.5 | cpe:2.3:a:modxcms:modxcms:0.9.5:*:*:*:*:*:*:* |
| modxcms | modxcms | 0.9.6 | cpe:2.3:a:modxcms:modxcms:0.9.6:*:*:*:*:*:*:* |
| modxcms | modxcms | 0.9.6.1 | cpe:2.3:a:modxcms:modxcms:0.9.6.1:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2008-5940
2009-01-22 11:30:05
prion
prion
Sql injection
2009-01-22 11:30:00
jvn
jvn
JVN#72630020 MODx vulnerable to SQL injection
2009-01-09 00:00:00
cvelist
cvelist
CVE-2008-5940
2009-01-22 11:00:00
CVSS2
6.8
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
AI Score
8.7
Confidence
Low
EPSS
0.008
Percentile
82.2%
Related for CVE-2008-5940