CVE-2008-5652

{"id": "CVE-2008-5652", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-12-17T18:30:01.250", "references": [{"url": "http://osvdb.org/49701", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/32673", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/4770", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/32199", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/3075", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46447", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/7045", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/49701", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/32673", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/4770", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/32199", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/3075", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46447", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/7045", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyBookMarker 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en la funci\u00f3n loginADP en ajaxp.php en MyioSoft EasyBookMarker 4.0 que permite a los atacantes remotos ejecutar arbitrariamente comandos SQL a trav\u00e9s del par\u00e1metro rsargs, como alcanzable a trav\u00e9s del par\u00e1metro username. NOTA: algunos de estos detalles ha sido obtenidos de informaci\u00f3n de terceros."}], "lastModified": "2024-11-21T00:54:33.540", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:myiosoft:easybookmarker:4.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "10EA4E62-A981-43E9-817C-941A6C0D4958"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}