Search...

CVE-2008-7030

2009-08-24T10:30:00

ID CVE-2008-7030
Type cve
Reporter cve@mitre.org
Modified 2018-10-11T20:58:00

Description

Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field to an unspecified component, possibly agentlist.asp. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.

JSON Vulners Source

Initial Source

{"id": "CVE-2008-7030", "bulletinFamily": "NVD", "title": "CVE-2008-7030", "description": "Multiple SQL injection vulnerabilities in Site2Nite Real Estate Web allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password field to an unspecified component, possibly agentlist.asp. NOTE: this issue was disclosed by an unreliable researcher, so it might be incorrect.", "published": "2009-08-24T10:30:00", "modified": "2018-10-11T20:58:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-7030", "reporter": "cve@mitre.org", "references": ["http://www.osvdb.org/51076", "http://www.securityfocus.com/archive/1/488070/100/200/threaded", "https://exchange.xforce.ibmcloud.com/vulnerabilities/40509", "http://www.securityfocus.com/bid/27779"], "cvelist": ["CVE-2008-7030"], "type": "cve", "lastseen": "2019-05-29T18:09:30", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "6d3075c222c53dfde9a160c7755084f9"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "2e52cd8ea17086a7965141a36fa455f1"}, {"key": "cpe23", "hash": "b34451bf71569f7711543f2b053dcf19"}, {"key": "cvelist", "hash": "5abb3cd22c4a8b3dc49621d915b5f423"}, {"key": "cvss", "hash": "0b053db5674b87efff89989a8a720df3"}, {"key": "cvss2", "hash": "27c7580c75f8189a2ddd31c96c2f7e2b"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "4994f73f97fee1825d38aac7bee9aefe"}, {"key": "description", "hash": "603b86fbc4b31ec07893fc7f95fcb4a4"}, {"key": "href", "hash": "8f62dca3ce05198618b50041df1b2daa"}, {"key": "modified", "hash": "c80b456215d5b78b4451ed952b93b5db"}, {"key": "published", "hash": "88b08ab34050e8e4715b6961b5fc2f52"}, {"key": "references", "hash": "7aa6e2b22cfd9adca5af192fce51c924"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "812dad7fcc7bc04a7dd43a9888da1d57"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "efa3f556adce29695b7b87d5b4023d51c7a3654b7d895f7bcd8fd73456d8b605", "viewCount": 0, "enchantments": {"score": {"value": 7.7, "vector": "NONE", "modified": "2019-05-29T18:09:30"}, "dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:31191"]}], "modified": "2019-05-29T18:09:30"}, "vulnersScore": 7.7}, "objectVersion": "1.3", "cpe": ["cpe:/a:site2nite:real_estate_web:*"], "affectedSoftware": [{"name": "site2nite real_estate_web", "operator": "eq", "version": "*"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:site2nite:real_estate_web:*:*:*:*:*:*:*:*"], "cwe": ["CWE-89"]}

{"exploitdb": [{"lastseen": "2016-02-03T14:03:44", "bulletinFamily": "exploit", "description": "Site2Nite Real Estate Web 'agentlist.asp' Multiple SQL Injection Vulnerabilities. CVE-2008-7030. Webapps exploit for asp platform", "modified": "2008-02-13T00:00:00", "published": "2008-02-13T00:00:00", "id": "EDB-ID:31191", "href": "https://www.exploit-db.com/exploits/31191/", "type": "exploitdb", "title": "Site2Nite Real Estate Web 'agentlist.asp' Multiple SQL Injection Vulnerabilities", "sourceData": "source: http://www.securityfocus.com/bid/27779/info\r\n\r\nSite2Nite Real Estate Web is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.\r\n\r\nExploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.\r\n\r\nThe following proof-of-concept login and password examples are available:\r\n\r\nLogin: anything' OR 'x'='x\r\nPassword: anything' OR 'x'='x\r\n\r\n\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/31191/"}]}