Lucene search

[email protected]NVD:CVE-2008-4904

HistoryNov 04, 2008 - 12:58 a.m.

CVE-2008-4904

2008-11-0400:58:40

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.002

Percentile

51.8%

JSON

SQL injection vulnerability in the “Manage pages” feature (admin/pages) in Typo 5.1.3 and earlier allows remote authenticated users with “blog publisher” rights to execute arbitrary SQL commands via the search[published_at] parameter.

Affected configurations

Nvd

Node

typospheretypoRange≤5.1.3

typospheretypoMatch1.6

typospheretypoMatch1.6.8

typospheretypoMatch2.0.0

typospheretypoMatch2.0.1

typospheretypoMatch2.0.5

typospheretypoMatch2.0.6

typospheretypoMatch2.5.0

typospheretypoMatch2.5.1

typospheretypoMatch2.5.2

typospheretypoMatch2.5.3

typospheretypoMatch2.5.4

typospheretypoMatch2.5.5

typospheretypoMatch2.5.6

typospheretypoMatch2.5.7

typospheretypoMatch2.5.8

typospheretypoMatch2.6.0

typospheretypoMatch3.99.0

typospheretypoMatch3.99.1

typospheretypoMatch3.99.2

typospheretypoMatch3.99.3

typospheretypoMatch3.99.4

typospheretypoMatch4.0.0

typospheretypoMatch4.1.1

typospheretypoMatch5.0.2

typospheretypoMatch5.0.3

typospheretypoMatch5.0.3.98

typospheretypoMatch5.0.3.98.1

typospheretypoMatch5.1

typospheretypoMatch5.1.1

typospheretypoMatch5.1.2

VendorProductVersionCPE
typospheretypo*cpe:2.3:a:typosphere:typo:*:*:*:*:*:*:*:*
typospheretypo1.6cpe:2.3:a:typosphere:typo:1.6:*:*:*:*:*:*:*
typospheretypo1.6.8cpe:2.3:a:typosphere:typo:1.6.8:*:*:*:*:*:*:*
typospheretypo2.0.0cpe:2.3:a:typosphere:typo:2.0.0:*:*:*:*:*:*:*
typospheretypo2.0.1cpe:2.3:a:typosphere:typo:2.0.1:*:*:*:*:*:*:*
typospheretypo2.0.5cpe:2.3:a:typosphere:typo:2.0.5:*:*:*:*:*:*:*
typospheretypo2.0.6cpe:2.3:a:typosphere:typo:2.0.6:*:*:*:*:*:*:*
typospheretypo2.5.0cpe:2.3:a:typosphere:typo:2.5.0:*:*:*:*:*:*:*
typospheretypo2.5.1cpe:2.3:a:typosphere:typo:2.5.1:*:*:*:*:*:*:*
typospheretypo2.5.2cpe:2.3:a:typosphere:typo:2.5.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
typosphere	typo	*	cpe:2.3:a:typosphere:typo::::::::
typosphere	typo	1.6	cpe:2.3:a:typosphere:typo:1.6:::::::*
typosphere	typo	1.6.8	cpe:2.3:a:typosphere:typo:1.6.8:::::::*
typosphere	typo	2.0.0	cpe:2.3:a:typosphere:typo:2.0.0:::::::*
typosphere	typo	2.0.1	cpe:2.3:a:typosphere:typo:2.0.1:::::::*
typosphere	typo	2.0.5	cpe:2.3:a:typosphere:typo:2.0.5:::::::*
typosphere	typo	2.0.6	cpe:2.3:a:typosphere:typo:2.0.6:::::::*
typosphere	typo	2.5.0	cpe:2.3:a:typosphere:typo:2.5.0:::::::*
typosphere	typo	2.5.1	cpe:2.3:a:typosphere:typo:2.5.1:::::::*
typosphere	typo	2.5.2	cpe:2.3:a:typosphere:typo:2.5.2:::::::*

Rows per page:

1-10 of 311

References

secunia.com/advisories/32272

securityreason.com/securityalert/4550

www.securityfocus.com/archive/1/497970

www.securityfocus.com/bid/31993

exchange.xforce.ibmcloud.com/vulnerabilities/46205

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:S/C:P/I:P/A:P

AI Score

Confidence

Low

EPSS

0.002

Percentile

51.8%

JSON

Related for NVD:CVE-2008-4904

ubuntucve1 cvelist1 cve1 prion1