Lucene search

[email protected]NVD:CVE-2008-1349

HistoryMar 17, 2008 - 4:44 p.m.

CVE-2008-1349

2008-03-1716:44:00

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.108

Percentile

95.2%

JSON

SQL injection vulnerability in viewcat.php in the bamaGalerie (Bama Galerie) 3.03 and 3.041 module for eXV2 2.0.6 allows remote attackers to execute arbitrary SQL commands via the cid parameter.

Affected configurations

Nvd

Node

exv2bamagalerieMatch3.03

exv2bamagalerieMatch3.041

exv2exv2Match2.0.6

VendorProductVersionCPE
exv2bamagalerie3.03cpe:2.3:a:exv2:bamagalerie:3.03:*:*:*:*:*:*:*
exv2bamagalerie3.041cpe:2.3:a:exv2:bamagalerie:3.041:*:*:*:*:*:*:*
exv2exv22.0.6cpe:2.3:a:exv2:exv2:2.0.6:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
exv2	bamagalerie	3.03	cpe:2.3:a:exv2:bamagalerie:3.03:::::::*
exv2	bamagalerie	3.041	cpe:2.3:a:exv2:bamagalerie:3.041:::::::*
exv2	exv2	2.0.6	cpe:2.3:a:exv2:exv2:2.0.6:::::::*

References

packetstormsecurity.org/0804-exploits/runcms11a-sql.txt

secunia.com/advisories/29359

secunia.com/advisories/29362

www.securityfocus.com/bid/28229

exchange.xforce.ibmcloud.com/vulnerabilities/41188

www.exploit-db.com/exploits/5244

www.exploit-db.com/exploits/5340

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.108

Percentile

95.2%

JSON

Related for NVD:CVE-2008-1349

cvelist1 exploitdb1 prion1 cve1