Lucene search

[email protected]CVE-2008-3491

HistoryAug 06, 2008 - 5:41 p.m.

CVE-2008-3491

2008-08-0617:41:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-3491

sql injection

go.php

scripts24

ipost 1.0.1

itgp 1.0.4

remote execution

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.9%

JSON

SQL injection vulnerability in go.php in Scripts24 iPost 1.0.1 and iTGP 1.0.4 allows remote attackers to execute arbitrary SQL commands via the id parameter in a report action.

Affected configurations

NVD

Node

scripts24ipostMatch1.0.1

scripts24itgpMatch1.0.4

CPENameOperatorVersion
scripts24:ipostscripts24 iposteq1.0.1
scripts24:itgpscripts24 itgpeq1.0.4

CPE	Name	Operator	Version
scripts24:ipost	scripts24 ipost	eq	1.0.1
scripts24:itgp	scripts24 itgp	eq	1.0.4

References

osvdb.org/47333

secunia.com/advisories/31344

secunia.com/advisories/31345

securityreason.com/securityalert/4117

www.securityfocus.com/bid/30504

www.securityfocus.com/bid/30505

exchange.xforce.ibmcloud.com/vulnerabilities/44175

exchange.xforce.ibmcloud.com/vulnerabilities/44176

www.exploit-db.com/exploits/6185

www.exploit-db.com/exploits/6186

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

82.9%

JSON

Related for CVE-2008-3491

nvd1 cvelist1 prion1