Lucene search

MitreCVE-2008-5486

HistoryDec 12, 2008 - 4:30 p.m.

CVE-2008-5486

2008-12-1216:30:00

CWE-89

mitre

web.nvd.nist.gov

sql injection

admin.php

turnkeyforms

text link sales

security vulnerability

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.002

Percentile

65.0%

JSON

SQL injection vulnerability in admin.php in TurnkeyForms Text Link Sales allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected configurations

Nvd

Node

turnkeyformstext_link_sales

VendorProductVersionCPE
turnkeyformstext_link_sales*cpe:2.3:a:turnkeyforms:text_link_sales:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
turnkeyforms	text_link_sales	*	cpe:2.3:a:turnkeyforms:text_link_sales::::::::

References

secunia.com/advisories/32732

securityreason.com/securityalert/4719

www.securityfocus.com/bid/32308

exchange.xforce.ibmcloud.com/vulnerabilities/46631

www.exploit-db.com/exploits/7124

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.002

Percentile

65.0%

JSON

Related for CVE-2008-5486