Lucene search

[email protected]CVE-2008-6152

HistoryFeb 16, 2009 - 5:30 p.m.

CVE-2008-6152

2009-02-1617:30:04

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-6152

sql injection

sepcity faculty portal

remote attackers

arbitrary commands

id parameter

lawyer portal

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

SQL injection vulnerability in deptdisplay.asp in SepCity Faculty Portal allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: this was originally reported for Lawyer Portal, which does not have a deptdisplay.asp file.

Affected configurations

NVD

Node

sepcityfaculty_portalMatch-

CPENameOperatorVersion
sepcity:faculty_portalsepcity faculty portaleq-

CPE	Name	Operator	Version
sepcity:faculty_portal	sepcity faculty portal	eq	-

References

secunia.com/advisories/33357

www.securityfocus.com/bid/33040

exchange.xforce.ibmcloud.com/vulnerabilities/47621

www.exploit-db.com/exploits/7610

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

Related for CVE-2008-6152

cvelist1 nvd1 prion1