CVE-2008-4364

2008-09-3021:00:00

mitre

www.cve.org

AI Score

8.4

Confidence

Low

EPSS

0.001

Percentile

33.5%

JSON

SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the “page” page and (2) txtSearch parameter in the “Search” page.

References

securityreason.com/securityalert/4343

www.bugreport.ir/index_53.htm

www.securityfocus.com/archive/1/496799/100/0/threaded

www.securityfocus.com/bid/31450

exchange.xforce.ibmcloud.com/vulnerabilities/45494

www.exploit-db.com/exploits/6610