CVE-2008-4175

{"id": "CVE-2008-4175", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-09-23T15:25:42.733", "references": [{"url": "http://secunia.com/advisories/31853", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/4299", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/31191", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45153", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45155", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/6466", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31853", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/4299", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/31191", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45153", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45155", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/6466", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Link Bid Script 1.5 allow remote attackers to execute arbitrary SQL commands via the (1) ucat parameter to upgrade.php and the (2) id parameter to linkadmin/edit.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Link Bid Script 1.5 que permite a los atacantes remotos ejecutar arbitrariamente comandos SQL a trav\u00e9s del par\u00e1metro (1) ucat en upgrade.php y el (2) par\u00e1metro id en linkadmin/edit.php."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:linkbidscript:linkbidscript:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EEB5D20D-05F3-462D-A102-2D8C4CEBADEE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}