Lucene search

[email protected]CVE-2008-6633

HistoryApr 07, 2009 - 2:17 p.m.

CVE-2008-6633

2009-04-0714:17:17

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-6633

sql injection

roomphplanning 1.5

remote attackers

arbitrary sql commands

idresa parameter

resaopen.php

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.5%

JSON

SQL injection vulnerability in RoomPHPlanning 1.5 allows remote attackers to execute arbitrary SQL commands via the idresa parameter to resaopen.php.

Affected configurations

NVD

Node

beaussierroomphplanningMatch1.5

CPENameOperatorVersion
beaussier:roomphplanningbeaussier roomphplanningeq1.5

CPE	Name	Operator	Version
beaussier:roomphplanning	beaussier roomphplanning	eq	1.5

References

osvdb.org/45604

secunia.com/advisories/30376

www.securityfocus.com/bid/29354

www.vupen.com/english/advisories/2008/1647

exchange.xforce.ibmcloud.com/vulnerabilities/42626

www.exploit-db.com/exploits/5670

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.5%

JSON

Related for CVE-2008-6633

prion1 nvd1 cvelist1