CVE-2008-2901

{"id": "CVE-2008-2901", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-06-30T18:24:00.000", "references": [{"url": "http://secunia.com/advisories/30680", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/29722", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43097", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/5811", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30680", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/29722", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43097", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/5811", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Haudenschilt Family Connections CMS (FCMS) 1.4 allow remote authenticated users to execute arbitrary SQL commands via the (1) address parameter to addressbook.php, the (2) getnews parameter to familynews.php, and the (3) poll_id parameter to home.php in a results action."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Haudenschilt Family Connections CMS (FCMS) 1.4 permiten a usuarios remotos autenticados ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del (1) par\u00e1metro address de addressbook.php, el (2) par\u00e1metro getnews de familynews.php, y el (3) par\u00e1metro poll_id de home.php in en una acci\u00f3n results."}], "lastModified": "2024-11-21T00:47:58.260", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:haudenschilt:family_connections_cms:1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C009F6D-C0CB-4CE9-9B0A-9532167FBAB5"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}