CVE-2008-3649

{"id": "CVE-2008-3649", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-08-13T00:41:00.000", "references": [{"url": "http://secunia.com/advisories/31292", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/4149", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/30453", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/2254", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44121", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/6167", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31292", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/4149", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/30453", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/2254", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44121", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/6167", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in categorydetail.php in Article Friendly Standard allows remote attackers to execute arbitrary SQL commands via the Cat parameter."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en categorydetail.php en Article Friendly Standard, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"Cat\"."}], "lastModified": "2024-11-21T00:49:46.960", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:articlefriendly:article_friendly:*:*:standard:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB08BE69-564F-4448-9090-0077B577FD22"}], "operator": "OR"}]}], "evaluatorImpact": "Regarding Access Complexity:\r\n\r\nhttp://secunia.com/advisories/31292:\r\n\r\n\"Input passed to the \"autid\" parameter in authordetail.php and to the \"Cat\" parameter in categorydetail.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.\r\n\r\nSuccessful exploitation requires that \"magic_quotes_gpc\" is disabled.\"", "sourceIdentifier": "cve@mitre.org"}