Lucene search

[email protected]CVE-2008-4886

HistoryNov 04, 2008 - 12:57 a.m.

CVE-2008-4886

2008-11-0400:57:08

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

index.php

yourfreeworld shopping cart script

remote attackers

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.0%

JSON

SQL injection vulnerability in index.php in YourFreeWorld Shopping Cart Script allows remote attackers to execute arbitrary SQL commands via the c parameter.

Affected configurations

NVD

Node

yourfreeworldshopping_cart_script

CPENameOperatorVersion
yourfreeworld:shopping_cart_scriptyourfreeworld shopping cart scripteq*

CPE	Name	Operator	Version
yourfreeworld:shopping_cart_script	yourfreeworld shopping cart script	eq	*

References

osvdb.org/49501

osvdb.org/49598

secunia.com/advisories/32492

securityreason.com/securityalert/4539

www.securityfocus.com/bid/32045

exchange.xforce.ibmcloud.com/vulnerabilities/46270

www.exploit-db.com/exploits/6952

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.009 Low

EPSS

Percentile

83.0%

JSON

Related for CVE-2008-4886

cvelist1 prion1 nvd1