CVE-2008-5841

Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3) id parameter to index.php in a viewarticle action.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://securityreason.com/securityalert/4867
http://www.securityfocus.com/bid/31340
https://exchange.xforce.ibmcloud.com/vulnerabilities/45366
https://www.exploit-db.com/exploits/6540

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:igamingcms:igaming_cms::::::::
	cpe:2.3:a:igamingcms:igaming_cms:1.3.1:::::::*
	cpe:2.3:a:igamingcms:igaming_cms:1.4.2:::::::*

History

No history.

Information

Published : 2009-01-05 16:30

Updated : 2024-02-04 17:33

NVD link : CVE-2008-5841

Mitre link : CVE-2008-5841

CVE.ORG link : CVE-2008-5841

JSON object : View

Products Affected

igamingcms

igaming_cms

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2008-5841", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2009-01-05T16:30:04.233", "references": [{"url": "http://securityreason.com/securityalert/4867", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/31340", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45366", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/6540", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in iGaming 1.5 and earlier allow remote attackers to execute arbitrary SQL commands via the browse parameter to (1) previews.php and (2) reviews.php, and the (3) id parameter to index.php in a viewarticle action."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en iGaming v1.5 y anteriores, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante el par\u00e1metro browse en (1) previews.php y (2) reviews.php, y el par\u00e1metro id en index.php en una acci\u00f3n viewarticle."}], "lastModified": "2017-09-29T01:32:49.993", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:igamingcms:igaming_cms:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B3DB55EC-1718-4ACE-A278-951A5EA6D48D", "versionEndIncluding": "1.5"}, {"criteria": "cpe:2.3:a:igamingcms:igaming_cms:1.3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E08D0C7-1C1C-4437-9184-4A96DCDB7111"}, {"criteria": "cpe:2.3:a:igamingcms:igaming_cms:1.4.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "A4B664E9-B0C7-4B26-A1F7-3AEE7A7FEB56"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}