Lucene search

[email protected]NVD:CVE-2008-2626

HistoryJun 10, 2008 - 12:32 a.m.

CVE-2008-2626

2008-06-1000:32:00

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.2

Confidence

Low

EPSS

0.002

Percentile

55.5%

JSON

SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter.

Affected configurations

Nvd

Node

battleblogbattleblogRange≤1.25build_4

battleblogbattleblogMatch1.0dbuild_3

battleblogbattleblogMatch1.0dbuild_4

battleblogbattleblogMatch1.0dbuild_5

battleblogbattleblogMatch1.0dbuild_5a

battleblogbattleblogMatch1.0dbuild_6

battleblogbattleblogMatch1.05build_1

battleblogbattleblogMatch1.20build_1

battleblogbattleblogMatch1.20build_2

battleblogbattleblogMatch1.20build_3

VendorProductVersionCPE
battleblogbattleblog*cpe:2.3:a:battleblog:battleblog:*:build_4:*:*:*:*:*:*
battleblogbattleblog1.0dcpe:2.3:a:battleblog:battleblog:1.0d:build_3:*:*:*:*:*:*
battleblogbattleblog1.0dcpe:2.3:a:battleblog:battleblog:1.0d:build_4:*:*:*:*:*:*
battleblogbattleblog1.0dcpe:2.3:a:battleblog:battleblog:1.0d:build_5:*:*:*:*:*:*
battleblogbattleblog1.0dcpe:2.3:a:battleblog:battleblog:1.0d:build_5a:*:*:*:*:*:*
battleblogbattleblog1.0dcpe:2.3:a:battleblog:battleblog:1.0d:build_6:*:*:*:*:*:*
battleblogbattleblog1.05cpe:2.3:a:battleblog:battleblog:1.05:build_1:*:*:*:*:*:*
battleblogbattleblog1.20cpe:2.3:a:battleblog:battleblog:1.20:build_1:*:*:*:*:*:*
battleblogbattleblog1.20cpe:2.3:a:battleblog:battleblog:1.20:build_2:*:*:*:*:*:*
battleblogbattleblog1.20cpe:2.3:a:battleblog:battleblog:1.20:build_3:*:*:*:*:*:*

Vendor	Product	Version	CPE
battleblog	battleblog	*	cpe:2.3:a:battleblog:battleblog::build_4::::::*
battleblog	battleblog	1.0d	cpe:2.3:a:battleblog:battleblog:1.0d:build_3::::::
battleblog	battleblog	1.0d	cpe:2.3:a:battleblog:battleblog:1.0d:build_4::::::
battleblog	battleblog	1.0d	cpe:2.3:a:battleblog:battleblog:1.0d:build_5::::::
battleblog	battleblog	1.0d	cpe:2.3:a:battleblog:battleblog:1.0d:build_5a::::::
battleblog	battleblog	1.0d	cpe:2.3:a:battleblog:battleblog:1.0d:build_6::::::
battleblog	battleblog	1.05	cpe:2.3:a:battleblog:battleblog:1.05:build_1::::::
battleblog	battleblog	1.20	cpe:2.3:a:battleblog:battleblog:1.20:build_1::::::
battleblog	battleblog	1.20	cpe:2.3:a:battleblog:battleblog:1.20:build_2::::::
battleblog	battleblog	1.20	cpe:2.3:a:battleblog:battleblog:1.20:build_3::::::

References

secunia.com/advisories/30503

www.davethewebguy.com/battleblog/article.asp?entry=24

www.securityfocus.com/bid/29507

www.vupen.com/english/advisories/2008/1737/references

exchange.xforce.ibmcloud.com/vulnerabilities/42818

www.exploit-db.com/exploits/5731

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.2

Confidence

Low

EPSS

0.002

Percentile

55.5%

JSON

Related for NVD:CVE-2008-2626

exploitdb1 cvelist2 prion2 cve2 nvd1