CVE-2014-8339

SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://packetstormsecurity.com/files/128909/Nuevolabs-Nuevoplayer-For-Clipshare-SQL-Injection.html
http://www.securityfocus.com/archive/1/533847/100/0/threaded
http://www.securityfocus.com/bid/70833
http://www.youtube.com/watch?v=_-oOI1LnEdk	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/98393

Configurations

Configuration 1 (hide)

AND

cpe:2.3:a:nuevolab:nuevoplayer:-:*:*:*:*:*:*:*

cpe:2.3:a:clip-share:clipshare:*:*:*:*:*:*:*:*

History

No history.

Information

Published : 2014-11-04 15:55

Updated : 2024-02-04 18:35

NVD link : CVE-2014-8339

Mitre link : CVE-2014-8339

CVE.ORG link : CVE-2014-8339

JSON object : View

Products Affected

clip-share

clipshare

nuevolab

nuevoplayer

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2014-8339", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2014-11-04T15:55:06.200", "references": [{"url": "http://packetstormsecurity.com/files/128909/Nuevolabs-Nuevoplayer-For-Clipshare-SQL-Injection.html", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/533847/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/70833", "source": "cve@mitre.org"}, {"url": "http://www.youtube.com/watch?v=_-oOI1LnEdk", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/98393", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 8.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en midroll.php en Nuevolab Nuevoplayer for ClipShare 8.0 y anteriores permite a atacantes remotos ejecutar comandos SQL arbitrarios a trav\u00e9s del par\u00e1metro ch."}], "lastModified": "2018-10-09T19:53:51.603", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nuevolab:nuevoplayer:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CBDBBB41-CA8B-4E4F-94D2-DC76D1415FA5"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:clip-share:clipshare:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "94C8FDD0-C765-4270-AA4B-66C5F509A1CB", "versionEndIncluding": "8.0"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}