Lucene search

[email protected]CVE-2008-6970

HistoryAug 13, 2009 - 4:30 p.m.

CVE-2008-6970

2009-08-1316:30:01

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-6970

sql injection

ubb.threads

nvd

vulnerability

remote attackers

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.6%

JSON

SQL injection vulnerability in dosearch.inc.php in UBB.threads 7.3.1 and earlier allows remote attackers to execute arbitrary SQL commands via the Forum[] array parameter.

Affected configurations

NVD

Node

ubbcentralubb.threadsRange≤7.3.1

ubbcentralubb.threadsMatch3.4

ubbcentralubb.threadsMatch3.5

ubbcentralubb.threadsMatch5.0

ubbcentralubb.threadsMatch5.5.1

ubbcentralubb.threadsMatch6.0

ubbcentralubb.threadsMatch6.0.1

ubbcentralubb.threadsMatch6.0.2

ubbcentralubb.threadsMatch6.0.3

ubbcentralubb.threadsMatch6.1

ubbcentralubb.threadsMatch6.1.1

ubbcentralubb.threadsMatch6.2

ubbcentralubb.threadsMatch6.2.1

ubbcentralubb.threadsMatch6.2.2

ubbcentralubb.threadsMatch6.2.3

ubbcentralubb.threadsMatch6.3

ubbcentralubb.threadsMatch6.3.1

ubbcentralubb.threadsMatch6.4

ubbcentralubb.threadsMatch6.4.1

ubbcentralubb.threadsMatch6.4.2

ubbcentralubb.threadsMatch6.4.3

ubbcentralubb.threadsMatch6.4.4

ubbcentralubb.threadsMatch6.5

ubbcentralubb.threadsMatch6.5.1

ubbcentralubb.threadsMatch6.5.1.1

ubbcentralubb.threadsMatch6.5.2

ubbcentralubb.threadsMatch6.5.2_beta2

ubbcentralubb.threadsMatch6.5.3

ubbcentralubb.threadsMatch7.0

ubbcentralubb.threadsMatch7.1

ubbcentralubb.threadsMatch7.2

CPENameOperatorVersion
ubbcentral:ubb.threadsubbcentral ubb.threadsle7.3.1
ubbcentral:ubb.threadsubbcentral ubb.threadseq3.4
ubbcentral:ubb.threadsubbcentral ubb.threadseq3.5
ubbcentral:ubb.threadsubbcentral ubb.threadseq5.0
ubbcentral:ubb.threadsubbcentral ubb.threadseq5.5.1
ubbcentral:ubb.threadsubbcentral ubb.threadseq6.0
ubbcentral:ubb.threadsubbcentral ubb.threadseq6.0.1
ubbcentral:ubb.threadsubbcentral ubb.threadseq6.0.2
ubbcentral:ubb.threadsubbcentral ubb.threadseq6.0.3
ubbcentral:ubb.threadsubbcentral ubb.threadseq6.1

CPE	Name	Operator	Version
ubbcentral:ubb.threads	ubbcentral ubb.threads	le	7.3.1
ubbcentral:ubb.threads	ubbcentral ubb.threads	eq	3.4
ubbcentral:ubb.threads	ubbcentral ubb.threads	eq	3.5
ubbcentral:ubb.threads	ubbcentral ubb.threads	eq	5.0
ubbcentral:ubb.threads	ubbcentral ubb.threads	eq	5.5.1
ubbcentral:ubb.threads	ubbcentral ubb.threads	eq	6.0
ubbcentral:ubb.threads	ubbcentral ubb.threads	eq	6.0.1
ubbcentral:ubb.threads	ubbcentral ubb.threads	eq	6.0.2
ubbcentral:ubb.threads	ubbcentral ubb.threads	eq	6.0.3
ubbcentral:ubb.threads	ubbcentral ubb.threads	eq	6.1

Rows per page:

1-10 of 311

References

osvdb.org/47954

secunia.com/advisories/31804

www.gulftech.org/?node=research&article_id=00130-09082008

www.securityfocus.com/bid/31074

www.ubbcentral.com/forums/ubbthreads.php/topics/216722/

exchange.xforce.ibmcloud.com/vulnerabilities/44976

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

58.6%

JSON

Related for CVE-2008-6970

nvd1 prion1 cvelist1