Lucene search

[email protected]CVE-2008-6258

HistoryFeb 24, 2009 - 6:30 p.m.

CVE-2008-6258

2009-02-2418:30:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

quadcomm q-shop 3.0

remote attackers

security vulnerability

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

41.4%

JSON

SQL injection vulnerability in users.asp in QuadComm Q-Shop 3.0, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the (1) UserID and (2) Pwd parameters. NOTE: this might be related to CVE-2004-2108.

CPENameOperatorVersion
quadcomm:q-shopquadcomm q-shopeq3.0

CPE	Name	Operator	Version
quadcomm:q-shop	quadcomm q-shop	eq	3.0

References

secunia.com/advisories/32742

www.securityfocus.com/bid/32329

exchange.xforce.ibmcloud.com/vulnerabilities/46649

www.exploit-db.com/exploits/7141

8.8 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

41.4%

JSON

Related for CVE-2008-6258

prion1 cve1