Lucene search

[email protected]CVE-2008-3223

HistoryJul 18, 2008 - 4:41 p.m.

CVE-2008-3223

2008-07-1816:41:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-3223

sql injection

drupal

vulnerability

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.9%

JSON

SQL injection vulnerability in the Schema API in Drupal 6.x before 6.3 allows remote attackers to execute arbitrary SQL commands via vectors related to “an inappropriate placeholder for ‘numeric’ fields.”

Affected configurations

NVD

Node

drupaldrupalRange6.0–6.3

Node

fedoraprojectfedoraMatch8

fedoraprojectfedoraMatch9

CPENameOperatorVersion
drupal:drupaldrupallt6.3

CPE	Name	Operator	Version
drupal:drupal	drupal	lt	6.3

References

drupal.org/node/280571

secunia.com/advisories/31079

www.openwall.com/lists/oss-security/2008/07/10/3

www.securityfocus.com/bid/30168

bugzilla.redhat.com/show_bug.cgi?id=454849

exchange.xforce.ibmcloud.com/vulnerabilities/43705

www.redhat.com/archives/fedora-package-announce/2008-August/msg00016.html

www.redhat.com/archives/fedora-package-announce/2008-July/msg00527.html

www.redhat.com/archives/fedora-package-announce/2008-July/msg00551.html

Social References

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

74.9%

JSON

Related for CVE-2008-3223

ubuntucve1 prion1 nvd1 cvelist1 nessus3 openvas4 redhatcve1