Lucene search

[email protected]NVD:CVE-2008-6282

HistoryFeb 25, 2009 - 11:30 p.m.

CVE-2008-6282

2009-02-2523:30:00

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.003

Percentile

67.9%

JSON

SQL injection vulnerability in engine/users/users_edit_pub.inc in CMS Ortus 1.13 and earlier allows remote authenticated users to execute arbitrary SQL commands via the city parameter in a users_edit_pub action to index.php.

Affected configurations

Nvd

Node

ortus.nirncms_ortusRange≤1.13

ortus.nirncms_ortusMatch1.10.1

ortus.nirncms_ortusMatch1.11

ortus.nirncms_ortusMatch1.12

VendorProductVersionCPE
ortus.nirncms_ortus*cpe:2.3:a:ortus.nirn:cms_ortus:*:*:*:*:*:*:*:*
ortus.nirncms_ortus1.10.1cpe:2.3:a:ortus.nirn:cms_ortus:1.10.1:*:*:*:*:*:*:*
ortus.nirncms_ortus1.11cpe:2.3:a:ortus.nirn:cms_ortus:1.11:*:*:*:*:*:*:*
ortus.nirncms_ortus1.12cpe:2.3:a:ortus.nirn:cms_ortus:1.12:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
ortus.nirn	cms_ortus	*	cpe:2.3:a:ortus.nirn:cms_ortus::::::::
ortus.nirn	cms_ortus	1.10.1	cpe:2.3:a:ortus.nirn:cms_ortus:1.10.1:::::::*
ortus.nirn	cms_ortus	1.11	cpe:2.3:a:ortus.nirn:cms_ortus:1.11:::::::*
ortus.nirn	cms_ortus	1.12	cpe:2.3:a:ortus.nirn:cms_ortus:1.12:::::::*

References

ortus.nirn.ru/index.php?ortupg=16

osvdb.org/50312

secunia.com/advisories/32899

www.securityfocus.com/bid/32486

www.vupen.com/english/advisories/2008/3272

exchange.xforce.ibmcloud.com/vulnerabilities/46886

www.exploit-db.com/exploits/7237

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

7.9

Confidence

Low

EPSS

0.003

Percentile

67.9%

JSON

Related for NVD:CVE-2008-6282

cvelist1 exploitdb1 prion1 cve1