Lucene search
MitreCVE-2008-4090HistorySep 15, 2008 - 5:12 p.m.
CVE-2008-4090
2008-09-1517:12:51
CWE-89
mitre
web.nvd.nist.gov
22
cve-2008-4090
sql injection
php coupon script 4.0
remote attackers
addtocart action
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.4
Confidence
Low
EPSS
0.008
Percentile
81.8%
SQL injection vulnerability in index.php in PHP Coupon Script 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter in an addtocart action, a different vector than CVE-2007-2672.
Affected configurations
Node
couponscriptcoupon_scriptMatch4.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| couponscript | coupon_script | 4.0 | cpe:2.3:a:couponscript:coupon_script:4.0:*:*:*:*:*:*:* |
Related
prion
prion
Sql injection
2008-09-15 17:12:00
Sql injection
2007-05-14 23:19:00
cvelist
cvelist
CVE-2008-4090
2008-09-15 16:00:00
CVE-2007-2672
2007-05-14 23:00:00
nvd
nvd
CVE-2008-4090
2008-09-15 17:12:51
CVE-2007-2672
2007-05-14 23:19:00
exploitdb
exploitdb
Coupon Script 4.0 - 'id' SQL Injection
2008-09-02 00:00:00
PHP Coupon Script 3.0 - 'bus' SQL Injection
2007-05-03 00:00:00
cve
cve
CVE-2007-2672
2007-05-14 23:19:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.4
Confidence
Low
EPSS
0.008
Percentile
81.8%
Related for CVE-2008-4090