Lucene search
MitreCVE-2008-0267HistoryJan 15, 2008 - 8:00 p.m.
CVE-2008-0267
2008-01-1520:00:00
CWE-89
mitre
web.nvd.nist.gov
20
eticket
sql injection
remote authenticated users
search.php
admin.php
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.3
Confidence
Low
EPSS
0.001
Percentile
40.3%
Multiple SQL injection vulnerabilities in eTicket 1.5.5.2 allow remote authenticated users to execute arbitrary SQL commands via the (1) status, (2) sort, and (3) way parameters to search.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (4) msg and (5) password parameters to admin.php.
Affected configurations
Node
eticketeticketMatch1.5.5.2
Related
exploitdb
exploitdb
eTicket 1.5.5.2 - 'search.php' Multiple SQL Injections
2008-01-07 00:00:00
eTicket 1.5.5.2 - 'admin.php' Multiple SQL Injections
2008-01-07 00:00:00
cvelist
cvelist
CVE-2008-0267
2008-01-15 19:00:00
prion
prion
Sql injection
2008-01-15 20:00:00
nvd
nvd
CVE-2008-0267
2008-01-15 20:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.3
Confidence
Low
EPSS
0.001
Percentile
40.3%
Related for CVE-2008-0267