Lucene search

[email protected]CVE-2008-6256

HistoryFeb 24, 2009 - 6:30 p.m.

CVE-2008-6256

2009-02-2418:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-6256

sql injection

vbulletin 3.7.3.pl1

admincalendar.php

nvd

8.2 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

36.3%

JSON

SQL injection vulnerability in admincp/admincalendar.php in vBulletin 3.7.3.pl1 allows remote authenticated administrators to execute arbitrary SQL commands via the holidayinfo[recurring] parameter, a different vector than CVE-2005-3022.

CPENameOperatorVersion
vbulletin:vbulletinvbulletineq3.7.3

CPE	Name	Operator	Version
vbulletin:vbulletin	vbulletin	eq	3.7.3

References

secunia.com/advisories/32735

www.securityfocus.com/archive/1/498369/100/0/threaded

www.waraxe.us/advisory-68.html

exchange.xforce.ibmcloud.com/vulnerabilities/46683

8.2 High

AI Score

Confidence

Low

6.5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

36.3%

JSON

Related for CVE-2008-6256

prion1 cvelist2 openvas2 cve1