Lucene search

[email protected]CVE-2008-6614

HistoryApr 06, 2009 - 6:30 p.m.

CVE-2008-6614

2009-04-0618:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-6614

sql injection

microcms

ibd micro cms

security vulnerability

remote attackers

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.6%

JSON

Multiple SQL injection vulnerabilities in microcms-admin-login.php in Implied By Design (IBD) Micro CMS 3.5 (aka 0.3.5) allow remote attackers to execute arbitrary SQL commands via (1) the administrators_username parameter (aka the Username field) or (2) the administrators_pass parameter (aka the Password field).

Affected configurations

NVD

Node

impliedbydesignibd_micro_cmsMatch3.5

CPENameOperatorVersion
impliedbydesign:ibd_micro_cmsimpliedbydesign ibd micro cmseq3.5

CPE	Name	Operator	Version
impliedbydesign:ibd_micro_cms	impliedbydesign ibd micro cms	eq	3.5

References

archives.neohapsis.com/archives/fulldisclosure/2008-05/0344.html

osvdb.org/51298

wired-security.net/texts/advisories/IBD_Micro_CMS_3.5_SQL_Injection_Login_Bypass_Advisory.txt

www.securityfocus.com/bid/29159

www.securityfocus.com/bid/29159/exploit

exchange.xforce.ibmcloud.com/vulnerabilities/42539

exchange.xforce.ibmcloud.com/vulnerabilities/53272

www.exploit-db.com/exploits/9699

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.6%

JSON

Related for CVE-2008-6614

prion1 nvd1 cvelist1