Lucene search

[email protected]CVE-2008-6419

HistoryMar 06, 2009 - 6:30 p.m.

CVE-2008-6419

2009-03-0618:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-6419

sql injection

social site generator

ssg 2.0

remote attack

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.2%

JSON

Multiple SQL injection vulnerabilities in Social Site Generator (SSG) 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) sgc_id parameter to display_blog.php, (2) scm_mem_id parameter to social_my_profile_download.php, and the (3) catid parameter to social_forum_subcategories.php.

Affected configurations

NVD

Node

socialsitegeneratorsocial_site_generatorMatch2.0

CPENameOperatorVersion
socialsitegenerator:social_site_generatorsocialsitegenerator social site generatoreq2.0

CPE	Name	Operator	Version
socialsitegenerator:social_site_generator	socialsitegenerator social site generator	eq	2.0

References

osvdb.org/45859

osvdb.org/45860

osvdb.org/45861

secunia.com/advisories/30462

www.securityfocus.com/bid/29452

exchange.xforce.ibmcloud.com/vulnerabilities/42777

www.exploit-db.com/exploits/5701

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.2%

JSON

Related for CVE-2008-6419

prion1 cvelist1 nvd1