Lucene search

[email protected]NVD:CVE-2008-3845

HistoryAug 27, 2008 - 11:41 p.m.

CVE-2008-3845

2008-08-2723:41:00

CWE-89

[email protected]

web.nvd.nist.gov

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.7%

JSON

Multiple SQL injection vulnerabilities in Crafty Syntax Live Help (CSLH) 2.14.6 and earlier allow remote attackers to execute arbitrary SQL commands via the department parameter to (1) is_xmlhttp.php and (2) is_flush.php.

Affected configurations

NVD

Node

craftysyntaxcrafty_syntax_live_helpRange≤2.14.6

craftysyntaxcrafty_syntax_live_helpMatch1.0

craftysyntaxcrafty_syntax_live_helpMatch1.1

craftysyntaxcrafty_syntax_live_helpMatch1.2

craftysyntaxcrafty_syntax_live_helpMatch1.3

craftysyntaxcrafty_syntax_live_helpMatch1.4

craftysyntaxcrafty_syntax_live_helpMatch1.5

craftysyntaxcrafty_syntax_live_helpMatch1.6

craftysyntaxcrafty_syntax_live_helpMatch1.7

craftysyntaxcrafty_syntax_live_helpMatch2.0

craftysyntaxcrafty_syntax_live_helpMatch2.1

craftysyntaxcrafty_syntax_live_helpMatch2.10.0

craftysyntaxcrafty_syntax_live_helpMatch2.10.1

craftysyntaxcrafty_syntax_live_helpMatch2.10.2

craftysyntaxcrafty_syntax_live_helpMatch2.10.3

craftysyntaxcrafty_syntax_live_helpMatch2.10.4

craftysyntaxcrafty_syntax_live_helpMatch2.10.5

craftysyntaxcrafty_syntax_live_helpMatch2.11.0

craftysyntaxcrafty_syntax_live_helpMatch2.11.1

craftysyntaxcrafty_syntax_live_helpMatch2.11.2

craftysyntaxcrafty_syntax_live_helpMatch2.11.3

craftysyntaxcrafty_syntax_live_helpMatch2.11.4

craftysyntaxcrafty_syntax_live_helpMatch2.11.5

craftysyntaxcrafty_syntax_live_helpMatch2.11.6

craftysyntaxcrafty_syntax_live_helpMatch2.11.7

craftysyntaxcrafty_syntax_live_helpMatch2.12.0

craftysyntaxcrafty_syntax_live_helpMatch2.12.1

craftysyntaxcrafty_syntax_live_helpMatch2.12.2

craftysyntaxcrafty_syntax_live_helpMatch2.12.3

craftysyntaxcrafty_syntax_live_helpMatch2.12.4

craftysyntaxcrafty_syntax_live_helpMatch2.12.5

craftysyntaxcrafty_syntax_live_helpMatch2.12.6

craftysyntaxcrafty_syntax_live_helpMatch2.12.7

craftysyntaxcrafty_syntax_live_helpMatch2.12.8

craftysyntaxcrafty_syntax_live_helpMatch2.12.9

craftysyntaxcrafty_syntax_live_helpMatch2.13.0

craftysyntaxcrafty_syntax_live_helpMatch2.13.1

craftysyntaxcrafty_syntax_live_helpMatch2.14.0

craftysyntaxcrafty_syntax_live_helpMatch2.14.1

craftysyntaxcrafty_syntax_live_helpMatch2.14.2

craftysyntaxcrafty_syntax_live_helpMatch2.14.3

craftysyntaxcrafty_syntax_live_helpMatch2.14.4

craftysyntaxcrafty_syntax_live_helpMatch2.14.5

References

secunia.com/advisories/31573

security.craftysyntax.com/updates/?v=2.14.6

securityreason.com/securityalert/4192

sourceforge.net/project/shownotes.php?release_id=620878

www.gulftech.org/?node=research&article_id=00127-08252008

www.securityfocus.com/archive/1/495729/100/0/threaded

www.securityfocus.com/bid/30825

exchange.xforce.ibmcloud.com/vulnerabilities/44669

www.exploit-db.com/exploits/6307

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.5 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

65.7%

JSON

Related for NVD:CVE-2008-3845

prion1 cvelist1 cve1