CVE-2008-5194

SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/30842	Vendor Advisory
http://securityreason.com/securityalert/4622
http://www.securityfocus.com/bid/30004	Exploit
http://www.vupen.com/english/advisories/2008/1976/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43448
https://www.exploit-db.com/exploits/5964
http://secunia.com/advisories/30842	Vendor Advisory
http://securityreason.com/securityalert/4622
http://www.securityfocus.com/bid/30004	Exploit
http://www.vupen.com/english/advisories/2008/1976/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/43448
https://www.exploit-db.com/exploits/5964

Configurations

Configuration 1 (hide)

cpe:2.3:a:softvisions_software:online_booking_manager:2.2:*:*:*:*:*:*:*

History

21 Nov 2024, 00:53

Type	Values Removed	Values Added
References	~~() http://secunia.com/advisories/30842 - Vendor Advisory~~	() http://secunia.com/advisories/30842 - Vendor Advisory
References	~~() http://securityreason.com/securityalert/4622 -~~	() http://securityreason.com/securityalert/4622 -
References	~~() http://www.securityfocus.com/bid/30004 - Exploit~~	() http://www.securityfocus.com/bid/30004 - Exploit
References	~~() http://www.vupen.com/english/advisories/2008/1976/references -~~	() http://www.vupen.com/english/advisories/2008/1976/references -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/43448 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/43448 -
References	~~() https://www.exploit-db.com/exploits/5964 -~~	() https://www.exploit-db.com/exploits/5964 -

Information

Published : 2008-11-21 17:30

Updated : 2024-11-21 00:53

NVD link : CVE-2008-5194

Mitre link : CVE-2008-5194

CVE.ORG link : CVE-2008-5194

JSON object : View

Products Affected

softvisions_software

online_booking_manager

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2008-5194", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-11-21T17:30:00.500", "references": [{"url": "http://secunia.com/advisories/30842", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/4622", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/30004", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1976/references", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43448", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/5964", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30842", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://securityreason.com/securityalert/4622", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/30004", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.vupen.com/english/advisories/2008/1976/references", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43448", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/5964", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in checkavail.php in SoftVisions Software Online Booking Manager (obm) 2.2 allows remote attackers to execute arbitrary SQL commands via the id parameter."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en checkavail.php en SoftVisions Software Online Booking Manager (obm) v2.2 permite a atacantes remotos ejecutar comandos arbitrarios SQL a trav\u00e9s de par\u00e1metro id."}], "lastModified": "2024-11-21T00:53:31.680", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:softvisions_software:online_booking_manager:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "52E1921A-B10C-4E7B-BC95-0E9C45240895"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}