Lucene search

[email protected]CVE-2008-6333

HistoryFeb 27, 2009 - 5:30 p.m.

CVE-2008-6333

2009-02-2717:30:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

rss simple news

rsssn

remote code execution

pid parameter

vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.2%

JSON

SQL injection vulnerability in news.php in RSS Simple News (RSSSN), when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the pid parameter.

Affected configurations

NVD

Node

matthew_generalrss_simple_newsMatch-

CPENameOperatorVersion
matthew_general:rss_simple_newsmatthew general rss simple newseq-

CPE	Name	Operator	Version
matthew_general:rss_simple_news	matthew general rss simple news	eq	-

References

www.securityfocus.com/bid/32962

www.exploit-db.com/exploits/7541

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.2%

JSON

Related for CVE-2008-6333

cvelist1 prion1 nvd1