Lucene search

[email protected]CVE-2008-6653

HistoryApr 07, 2009 - 2:17 p.m.

CVE-2008-6653

2009-04-0714:17:18

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-6653

sql injection

webhosting.php

vulnerability

com_webhosting

joomla

mambo

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.1%

JSON

SQL injection vulnerability in webhosting.php in the Webhosting Component (com_webhosting) module before 1.1 RC7 for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the catid parameter to index.php.

Affected configurations

NVD

Node

joomlajoomla

mambomambo

AND

wh-comcom_webhostingRange≤1.1rc6

wh-comcom_webhostingMatch0.5beta

wh-comcom_webhostingMatch0.5.3beta

wh-comcom_webhostingMatch0.5.4beta

wh-comcom_webhostingMatch0.5.5beta

wh-comcom_webhostingMatch0.5.6beta

wh-comcom_webhostingMatch1.0stable

wh-comcom_webhostingMatch1.0.1stable

wh-comcom_webhostingMatch1.1alpha

wh-comcom_webhostingMatch1.1beta

wh-comcom_webhostingMatch1.1rc1

wh-comcom_webhostingMatch1.1rc2

wh-comcom_webhostingMatch1.1rc3

wh-comcom_webhostingMatch1.1rc4

wh-comcom_webhostingMatch1.1rc5

CPENameOperatorVersion
wh-com:com_webhostingwh-com com webhostingle1.1
wh-com:com_webhostingwh-com com webhostingeq0.5
wh-com:com_webhostingwh-com com webhostingeq0.5.3
wh-com:com_webhostingwh-com com webhostingeq0.5.4
wh-com:com_webhostingwh-com com webhostingeq0.5.5
wh-com:com_webhostingwh-com com webhostingeq0.5.6
wh-com:com_webhostingwh-com com webhostingeq1.0
wh-com:com_webhostingwh-com com webhostingeq1.0.1

CPE	Name	Operator	Version
wh-com:com_webhosting	wh-com com webhosting	le	1.1
wh-com:com_webhosting	wh-com com webhosting	eq	0.5
wh-com:com_webhosting	wh-com com webhosting	eq	0.5.3
wh-com:com_webhosting	wh-com com webhosting	eq	0.5.4
wh-com:com_webhosting	wh-com com webhosting	eq	0.5.5
wh-com:com_webhosting	wh-com com webhosting	eq	0.5.6
wh-com:com_webhosting	wh-com com webhosting	eq	1.0
wh-com:com_webhosting	wh-com com webhosting	eq	1.0.1

References

forum.wh-com.de/index.php?topic=497.0

osvdb.org/50423

www.securityfocus.com/bid/29000

exchange.xforce.ibmcloud.com/vulnerabilities/42124

www.exploit-db.com/exploits/5527

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

47.1%

JSON

Related for CVE-2008-6653

nessus1 nvd1 prion1 cvelist1