Lucene search
MitreCVE-2008-6663HistoryApr 08, 2009 - 10:30 a.m.
CVE-2008-6663
2009-04-0810:30:00
CWE-89
mitre
web.nvd.nist.gov
23
cve
2008
6663
sql injection
profile.php
phpauctions
remote attackers
arbitrary sql commands
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.6
Confidence
Low
EPSS
0.002
Percentile
58.5%
SQL injection vulnerability in profile.php in PHPAuctions.info PHPAuctions (aka PHPAuctionSystem) allows remote attackers to execute arbitrary SQL commands via the auction_id parameter, a different vector than CVE-2009-0106.
Affected configurations
Node
phpauctionsphpauctions
| Vendor | Product | Version | CPE |
|---|---|---|---|
| phpauctions | phpauctions | * | cpe:2.3:a:phpauctions:phpauctions:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2008-6663
2009-04-08 10:00:00
CVE-2009-0106
2009-01-09 18:00:00
nvd
nvd
CVE-2008-6663
2009-04-08 10:30:00
CVE-2009-0106
2009-01-09 18:30:03
prion
prion
Sql injection
2009-04-08 10:30:00
Sql injection
2009-01-09 18:30:00
exploitdb
exploitdb
phpAuction - 'profile.php' SQL Injection (1)
2008-06-20 00:00:00
PHPAuctionSystem - Cross-Site Scripting / SQL Injection
2009-01-05 00:00:00
cve
cve
CVE-2009-0106
2009-01-09 18:30:03
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.6
Confidence
Low
EPSS
0.002
Percentile
58.5%
Related for CVE-2008-6663