Lucene search

[email protected]CVE-2014-8339

HistoryNov 04, 2014 - 3:55 p.m.

CVE-2014-8339

2014-11-0415:55:06

CWE-89

[email protected]

web.nvd.nist.gov

cve-2014-8339

sql injection

nuevolab

nuevoplayer

clipshare 8.0

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

84.1%

JSON

SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter.

Affected configurations

NVD

Node

nuevolabnuevoplayerMatch-

AND

clip-shareclipshareRange≤8.0

CPENameOperatorVersion
nuevolab:nuevoplayernuevolab nuevoplayereq-
clip-share:clipshareclip-share clipsharele8.0

CPE	Name	Operator	Version
nuevolab:nuevoplayer	nuevolab nuevoplayer	eq	-
clip-share:clipshare	clip-share clipshare	le	8.0

References

packetstormsecurity.com/files/128909/Nuevolabs-Nuevoplayer-For-Clipshare-SQL-Injection.html

www.securityfocus.com/archive/1/533847/100/0/threaded

www.securityfocus.com/bid/70833

www.youtube.com/watch?v=_-oOI1LnEdk

exchange.xforce.ibmcloud.com/vulnerabilities/98393

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.01 Low

EPSS

Percentile

84.1%

JSON

Related for CVE-2014-8339

securityvulns2 cvelist1 packetstorm1 nvd1 prion1