Lucene search

[email protected]CVE-2008-6028

HistoryFeb 03, 2009 - 11:30 a.m.

CVE-2008-6028

2009-02-0311:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-6028

sql injection

university of queensland library fez

nvd

vulnerability

subject action

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.8%

JSON

SQL injection vulnerability in list.php in University of Queensland Library Fez 1.3 and 2.0 RC1 allows remote attackers to execute arbitrary SQL commands via the parent_id parameter in a subject action.

Affected configurations

NVD

Node

university_of_queenslandfezMatch1.3

university_of_queenslandfezMatch2.0rc1

CPENameOperatorVersion
university_of_queensland:fezuniversity of queensland fezeq1.3
university_of_queensland:fezuniversity of queensland fezeq2.0

CPE	Name	Operator	Version
university_of_queensland:fez	university of queensland fez	eq	1.3
university_of_queensland:fez	university of queensland fez	eq	2.0

References

www.securityfocus.com/bid/31324

www.vupen.com/english/advisories/2008/2652

exchange.xforce.ibmcloud.com/vulnerabilities/45332

www.exploit-db.com/exploits/6535

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.8%

JSON

Related for CVE-2008-6028

prion1 cvelist1 nvd1