CVE-2008-2626

Published Jun 10, 2008

Last updated 7 years ago

CVSS info 7.5

Overview

Description: SQL injection vulnerability in comment.asp in Battle Blog 1.25 and earlier allows remote attackers to execute arbitrary SQL commands via the entry parameter.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:battleblog:battleblog:*:build_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "698A3BD9-BB45-4148-89F2-6C353144B127",
            "versionEndIncluding": "1.25"
          },
          {
            "criteria": "cpe:2.3:a:battleblog:battleblog:1.0d:build_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0DDC011B-0A24-4B3A-AD1F-65028AB9384E"
          },
          {
            "criteria": "cpe:2.3:a:battleblog:battleblog:1.0d:build_4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "CA8129DD-20C4-447E-B433-A0B463C7B397"
          },
          {
            "criteria": "cpe:2.3:a:battleblog:battleblog:1.0d:build_5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EBAF68B1-E55F-4EAF-823D-7D0AAC5EA1FC"
          },
          {
            "criteria": "cpe:2.3:a:battleblog:battleblog:1.0d:build_5a:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6EDE6424-07F4-478B-85DA-BCBE91574497"
          },
          {
            "criteria": "cpe:2.3:a:battleblog:battleblog:1.0d:build_6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "104A8FCF-4C6B-4D17-9AC7-4B6F7F39B2BD"
          },
          {
            "criteria": "cpe:2.3:a:battleblog:battleblog:1.05:build_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1C447A0-0024-4970-A153-483DDC9C2884"
          },
          {
            "criteria": "cpe:2.3:a:battleblog:battleblog:1.20:build_1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "95B9449B-6711-43EF-8771-83632E433105"
          },
          {
            "criteria": "cpe:2.3:a:battleblog:battleblog:1.20:build_2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E678D6C6-A281-401B-944A-CD03ECCF60E2"
          },
          {
            "criteria": "cpe:2.3:a:battleblog:battleblog:1.20:build_3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C0D0021F-5616-485D-8222-15F952B04639"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References