Lucene search

[email protected]CVE-2008-6117

HistoryFeb 11, 2009 - 5:30 p.m.

CVE-2008-6117

2009-02-1117:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-6117

sql injection

pg job site pro

remote attackers

arbitrary commands

vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.7%

JSON

SQL injection vulnerability in homepage.php in PG Job Site Pro allows remote attackers to execute arbitrary SQL commands via the poll_view_id parameter in a results action.

Affected configurations

NVD

Node

pilotgrouppg_job_site_proMatch-

CPENameOperatorVersion
pilotgroup:pg_job_site_propilotgroup pg job site proeq-

CPE	Name	Operator	Version
pilotgroup:pg_job_site_pro	pilotgroup pg job site pro	eq	-

References

secunia.com/advisories/32837

www.securityfocus.com/bid/32434

www.vupen.com/english/advisories/2008/3237

exchange.xforce.ibmcloud.com/vulnerabilities/46789

www.exploit-db.com/exploits/7202

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.6 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.7%

JSON

Related for CVE-2008-6117

prion1 nvd1 cvelist1