CVE-2008-6641

{"id": "CVE-2008-6641", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-04-07T14:17:17.767", "references": [{"url": "http://www.securityfocus.com/bid/29091", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42261", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/5564", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/29091", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42261", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/5564", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Shader TV (Beta) allow remote authenticated administrators to execute arbitrary SQL commands via the sid parameter to (1) kanal.asp, (2) google.asp, and (3) hakk.asp in yonet/; and allow remote attackers to execute arbitrary SQL commands via the (4) username or (5) password fields to yonet/default.asp."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Shader TV (Beta) permite a administrador remotos autenticados ejecutar comandos SQL de forma arbitraria a trav\u00e9s del par\u00e1metro \"sid\" a (1) kanal.asp, (2) google.asp, y (3) hakk.asp en yonet/; y permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s de los campos (4) \"username\" y (5) \"password\" a yonet/default.asp."}], "lastModified": "2024-11-21T00:57:04.340", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aspindir:shader_tv:*:beta:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "85B11336-C802-4028-A0CB-444758FA4DCE"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}