CVE-2008-1513

{"id": "CVE-2008-1513", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "MEDIUM", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-03-25T23:44:00.000", "references": [{"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41153", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/5239", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41153", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/5239", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in index.php in Danneo CMS 0.5.1 and earlier, when the Referers statistics option is enabled, allows remote attackers to execute arbitrary SQL commands via the HTTP Referer header."}, {"lang": "es", "value": "Vulnerabilidad de Inyecci\u00f3n SQL en index.php de Danneo CMS 0.5.1 y versiones anteriores, cuando la opci\u00f3n Referers statistics est\u00e1 activada, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante la cabecera HTTP Referer."}], "lastModified": "2024-11-21T00:44:42.813", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:danneo:cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E717BBDF-1DB1-4E16-805D-CC4807042814", "versionEndIncluding": "0.5.1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}