Lucene search

MitreCVE-2008-4178

HistorySep 23, 2008 - 3:25 p.m.

CVE-2008-4178

2008-09-2315:25:42

CWE-89

mitre

web.nvd.nist.gov

sql injection

tr.php

downlinegoldmine

special category addon

downline builder pro

new addon

downline goldmine builder

vulnerability

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.005

Percentile

77.6%

JSON

SQL injection vulnerability in tr.php in DownlineGoldmine Special Category Addon, Downline Builder Pro, New Addon, and Downline Goldmine Builder allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

downline_goldminebuilder

downline_goldminebuilderMatchspecial_category_addon

downline_goldminebuilderMatchunknownunknownpro

downline_goldminenew_addon

downline_goldminenew_addonMatchpro

VendorProductVersionCPE
downline_goldminebuilder*cpe:2.3:a:downline_goldmine:builder:*:*:*:*:*:*:*:*
downline_goldminebuilderspecial_category_addoncpe:2.3:a:downline_goldmine:builder:special_category_addon:*:*:*:*:*:*:*
downline_goldminebuilderunknowncpe:2.3:a:downline_goldmine:builder:unknown:unknown:pro:*:*:*:*:*
downline_goldminenew_addon*cpe:2.3:a:downline_goldmine:new_addon:*:*:*:*:*:*:*:*
downline_goldminenew_addonprocpe:2.3:a:downline_goldmine:new_addon:pro:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
downline_goldmine	builder	*	cpe:2.3:a:downline_goldmine:builder::::::::
downline_goldmine	builder	special_category_addon	cpe:2.3:a:downline_goldmine:builder:special_category_addon:::::::*
downline_goldmine	builder	unknown	cpe:2.3:a:downline_goldmine:builder:unknown:unknown:pro:::::*
downline_goldmine	new_addon	*	cpe:2.3:a:downline_goldmine:new_addon::::::::
downline_goldmine	new_addon	pro	cpe:2.3:a:downline_goldmine:new_addon:pro:::::::*

References

packetstorm.linuxsecurity.com/0809-exploits/categoryaddon-sql.txt

packetstorm.linuxsecurity.com/0809-exploits/downline-sql.txt

packetstormsecurity.org/0809-exploits/newdownline-sql.txt

secunia.com/advisories/31812

www.securityfocus.com/bid/31169

www.vupen.com/english/advisories/2008/2992

www.vupen.com/english/advisories/2008/2993

www.vupen.com/english/advisories/2008/2994

www.vupen.com/english/advisories/2008/2995

exchange.xforce.ibmcloud.com/vulnerabilities/45128

www.exploit-db.com/exploits/6946

www.exploit-db.com/exploits/6947

www.exploit-db.com/exploits/6950

www.exploit-db.com/exploits/6951

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.005

Percentile

77.6%

JSON

Related for CVE-2008-4178