Lucene search

[email protected]CVE-2008-4884

HistoryNov 04, 2008 - 12:57 a.m.

CVE-2008-4884

2008-11-0400:57:08

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-4884

sql injection

tr.php

yourfreeworld classifieds hosting script

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

SQL injection vulnerability in tr.php in YourFreeWorld Classifieds Hosting Script allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected configurations

NVD

Node

yourfreeworldclassifieds_hosting_script

CPENameOperatorVersion
yourfreeworld:classifieds_hosting_scriptyourfreeworld classifieds hosting scripteq*

CPE	Name	Operator	Version
yourfreeworld:classifieds_hosting_script	yourfreeworld classifieds hosting script	eq	*

References

osvdb.org/49596

securityreason.com/securityalert/4538

www.securityfocus.com/bid/32064

www.exploit-db.com/exploits/6948

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

Related for CVE-2008-4884

prion1 cvelist1 nvd1