CVE-2008-2843
Published Jun 25, 2008
Last updated 7 years ago
Overview
- Description
- Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-89
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:doitlive:cms:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CCE35991-2B67-42F0-8D96-50AB3DFE15EE",
"versionEndIncluding": "2.50"
}
],
"operator": "OR"
}
]
}
]