Lucene search

[email protected]CVE-2008-6623

HistoryApr 06, 2009 - 9:30 p.m.

CVE-2008-6623

2009-04-0621:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-6623

sql injection

getin.php

webbdomain post card

web postcards

nvd

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

34.9%

JSON

SQL injection vulnerability in getin.php in WEBBDOMAIN Post Card (aka Web Postcards) 1.02 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter.

Affected configurations

NVD

Node

webbdomainpost_cardRange≤1.02

webbdomainpost_cardMatch1.01

CPENameOperatorVersion
webbdomain:post_cardwebbdomain post cardle1.02
webbdomain:post_cardwebbdomain post cardeq1.01

CPE	Name	Operator	Version
webbdomain:post_card	webbdomain post card	le	1.02
webbdomain:post_card	webbdomain post card	eq	1.01

References

osvdb.org/49824

secunia.com/advisories/32494

www.securityfocus.com/bid/32108

exchange.xforce.ibmcloud.com/vulnerabilities/46359

www.exploit-db.com/exploits/6989

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

34.9%

JSON

Related for CVE-2008-6623

prion1 nvd1 cvelist1