Lucene search

[email protected]NVD:CVE-2008-6260

HistoryFeb 24, 2009 - 6:30 p.m.

CVE-2008-6260

2009-02-2418:30:00

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.001

Percentile

27.8%

JSON

SQL injection vulnerability in index.php in Ultrastats 0.2.144 and 0.3.11 allows remote attackers to execute arbitrary SQL commands via the serverid parameter.

Affected configurations

Nvd

Node

ultrastatsultrastatsMatch0.2.144

ultrastatsultrastatsMatch0.3.11

VendorProductVersionCPE
ultrastatsultrastats0.2.144cpe:2.3:a:ultrastats:ultrastats:0.2.144:*:*:*:*:*:*:*
ultrastatsultrastats0.3.11cpe:2.3:a:ultrastats:ultrastats:0.3.11:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ultrastats	ultrastats	0.2.144	cpe:2.3:a:ultrastats:ultrastats:0.2.144:::::::*
ultrastats	ultrastats	0.3.11	cpe:2.3:a:ultrastats:ultrastats:0.3.11:::::::*

References

secunia.com/advisories/32724

www.securityfocus.com/bid/32340

exchange.xforce.ibmcloud.com/vulnerabilities/46661

www.exploit-db.com/exploits/7148

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.001

Percentile

27.8%

JSON

Related for NVD:CVE-2008-6260

prion1 cvelist1 exploitdb1 cve1