Lucene search
MitreCVE-2008-1496HistoryMar 25, 2008 - 7:44 p.m.
CVE-2008-1496
2008-03-2519:44:00
CWE-89
mitre
web.nvd.nist.gov
20
cve-2008-1496
sql injection
peel
security vulnerability
remote attack
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.6
Confidence
Low
EPSS
0.003
Percentile
67.8%
Multiple SQL injection vulnerabilities in PEEL, possibly 3.x and earlier, allow remote attackers to execute arbitrary SQL commands via the (1) email parameter to (a) membre.php, and the (2) timestamp parameter to (b) the details action in achat/historique_commandes.php and © the facture action in factures/facture_html.php.
Affected configurations
Node
peelpeelMatch1.0b
ORpeelpeelMatch2.6
ORpeelpeelMatch2.7
Related
cvelist
cvelist
CVE-2008-1496
2008-03-25 19:00:00
prion
prion
Sql injection
2008-03-25 19:44:00
nvd
nvd
CVE-2008-1496
2008-03-25 19:44:00
exploitdb
exploitdb
PEEL CMS 3.x - Admin Hash Extraction / Arbitrary File Upload
2008-03-19 00:00:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.6
Confidence
Low
EPSS
0.003
Percentile
67.8%
Related for CVE-2008-1496