CVE-2008-5631

{"id": "CVE-2008-5631", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-12-17T17:30:00.627", "references": [{"url": "http://secunia.com/advisories/32927", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46910", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/7279", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in start.asp in Active eWebquiz 8.0 allows remote attackers to execute arbitrary SQL commands via the (1) useremail parameter (aka username field) or the (2) password parameter. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en el archivo start.asp en Active eWebquiz 8.0 permite a los atacantes remotos ejecutar arbitrariamente comandos SQL a trav\u00e9s de los par\u00e1metros (1) useremail (alias campo username) o (2) password. NOTA: algunas de estos detalles son obtenidos de informaci\u00f3n de terceros."}], "lastModified": "2017-09-29T01:32:42.917", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:activewebsoftwares:active_ewebquiz:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6051716A-FB00-434A-9C30-3CEAB0FA8D5A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}