Lucene search

[email protected]CVE-2008-5168

HistoryNov 19, 2008 - 6:11 p.m.

CVE-2008-5168

2008-11-1918:11:49

CWE-89

[email protected]

web.nvd.nist.gov

cve

sql injection

tip.php

tips complete website 1.2.0

vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.1%

JSON

SQL injection vulnerability in tip.php in Tips Complete Website 1.2.0 allows remote attackers to execute arbitrary SQL commands via the tipid parameter.

Affected configurations

NVD

Node

easysitenetworktips_complete_websiteMatch1.2.0

CPENameOperatorVersion
easysitenetwork:tips_complete_websiteeasysitenetwork tips complete websiteeq1.2.0

CPE	Name	Operator	Version
easysitenetwork:tips_complete_website	easysitenetwork tips complete website	eq	1.2.0

References

secunia.com/advisories/30861

securityreason.com/securityalert/4614

www.securityfocus.com/bid/29967

exchange.xforce.ibmcloud.com/vulnerabilities/43401

www.exploit-db.com/exploits/5947

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

35.1%

JSON

Related for CVE-2008-5168

nvd1 cvelist1 prion1