Lucene search

[email protected]CVE-2008-6102

HistoryFeb 10, 2009 - 6:30 p.m.

CVE-2008-6102

2009-02-1018:30:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

ratelink.php

link trader script

remote attackers

lnkid parameter

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.8%

JSON

SQL injection vulnerability in ratelink.php in Link Trader Script allows remote attackers to execute arbitrary SQL commands via the lnkid parameter.

Affected configurations

NVD

Node

ezonescriptslink_trader_script

CPENameOperatorVersion
ezonescripts:link_trader_scriptezonescripts link trader scripteq*

CPE	Name	Operator	Version
ezonescripts:link_trader_script	ezonescripts link trader script	eq	*

References

secunia.com/advisories/32077

www.securityfocus.com/bid/31526

exchange.xforce.ibmcloud.com/vulnerabilities/45605

www.exploit-db.com/exploits/6650

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

27.8%

JSON

Related for CVE-2008-6102

prion1 nvd1 cvelist1