Lucene search

[email protected]CVE-2008-4518

HistoryOct 09, 2008 - 6:14 p.m.

CVE-2008-4518

2008-10-0918:14:14

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-4518

sql injection

fastpublish cms

nvd

vulnerability

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.5%

JSON

Multiple SQL injection vulnerabilities in Fastpublish CMS 1.9.9.9.9 d (1.9999 d) allow remote attackers to execute arbitrary SQL commands via the (1) sprache parameter to index2.php and the (2) artikel parameter to index.php.

Affected configurations

NVD

Node

fastpublishfastpublish_cmsMatch1.9.9.9.9d

fastpublishfastpublish_cmsMatch1.9999d

CPENameOperatorVersion
fastpublish:fastpublish_cmsfastpublish fastpublish cmseq1.9.9.9.9d
fastpublish:fastpublish_cmsfastpublish fastpublish cmseq1.9999d

CPE	Name	Operator	Version
fastpublish:fastpublish_cms	fastpublish fastpublish cms	eq	1.9.9.9.9d
fastpublish:fastpublish_cms	fastpublish fastpublish cms	eq	1.9999d

References

secunia.com/advisories/32126

securityreason.com/securityalert/4383

www.securityfocus.com/bid/31582

exchange.xforce.ibmcloud.com/vulnerabilities/45671

www.exploit-db.com/exploits/6678

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.5%

JSON

Related for CVE-2008-4518

cvelist1 prion1 nvd1