Lucene search

[email protected]CVE-2008-7153

HistorySep 02, 2009 - 5:30 p.m.

CVE-2008-7153

2009-09-0217:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2008-7153

sql injection

vulnerability

docebo

remote attack

execute code

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.2%

JSON

SQL injection vulnerability in the autoDetectRegion function in doceboCore/lib/lib.regset.php in Docebo 3.5.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the Accept-Language HTTP header. NOTE: this can be leveraged to execute arbitrary PHP code using the INTO DUMPFILE command.

Affected configurations

NVD

Node

docebodoceboRange≤3.5.0.3

docebodoceboMatch3.0.3

docebodoceboMatch3.0.4

docebodoceboMatch3.0.5

docebodoceboMatch3.5_beta

CPENameOperatorVersion
docebo:docebodocebole3.5.0.3
docebo:docebodoceboeq3.0.3
docebo:docebodoceboeq3.0.4
docebo:docebodoceboeq3.0.5
docebo:docebodoceboeq3.5_beta

CPE	Name	Operator	Version
docebo:docebo	docebo	le	3.5.0.3
docebo:docebo	docebo	eq	3.0.3
docebo:docebo	docebo	eq	3.0.4
docebo:docebo	docebo	eq	3.0.5
docebo:docebo	docebo	eq	3.5_beta

References

osvdb.org/40138

secunia.com/advisories/28378

www.docebo.org/doceboCms/bugtracker/18_124/bugdetails/appid_24-bugid_198/bugtracker.html

www.securityfocus.com/bid/27211

exchange.xforce.ibmcloud.com/vulnerabilities/39589

www.exploit-db.com/exploits/4879

www.exploit-db.com/exploits/4891

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

69.2%

JSON

Related for CVE-2008-7153

nvd1 prion1 cvelist1