Lucene search

[email protected]CVE-2008-2901

HistoryJun 30, 2008 - 6:24 p.m.

CVE-2008-2901

2008-06-3018:24:00

CWE-89

[email protected]

web.nvd.nist.gov

cve

2008

2901

sql injection

haudenschilt

fcms

cms

security vulnerability

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

24.0%

JSON

Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.4 allow remote authenticated users to execute arbitrary SQL commands via the (1) address parameter to addressbook.php, the (2) getnews parameter to familynews.php, and the (3) poll_id parameter to home.php in a results action.

Affected configurations

NVD

Node

haudenschiltfamily_connections_cmsMatch1.4

CPENameOperatorVersion
haudenschilt:family_connections_cmshaudenschilt family connections cmseq1.4

CPE	Name	Operator	Version
haudenschilt:family_connections_cms	haudenschilt family connections cms	eq	1.4

References

secunia.com/advisories/30680

www.securityfocus.com/bid/29722

exchange.xforce.ibmcloud.com/vulnerabilities/43097

www.exploit-db.com/exploits/5811

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

24.0%

JSON

Related for CVE-2008-2901

nvd1 prion1 cvelist1