CVE-2008-3374

Published Jul 30, 2008

Last updated 6 years ago

CVSS info 7.5

Overview

Description: SQL injection vulnerability in ajax.php in Gregarius 0.5.4 and earlier allows remote attackers to execute arbitrary SQL commands via the rsargs array parameter in an __exp__getFeedContent action.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gregarius:gregarius:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D32F81E0-7C1C-488F-BA2E-DDE9571BFB6C",
            "versionEndIncluding": "0.5.4"
          },
          {
            "criteria": "cpe:2.3:a:gregarius:gregarius:0.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "582D8A84-C5AB-44D5-A815-15F78EA85C2B"
          },
          {
            "criteria": "cpe:2.3:a:gregarius:gregarius:0.3.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C5432677-7BDA-403C-82AB-222E7790CA1B"
          },
          {
            "criteria": "cpe:2.3:a:gregarius:gregarius:0.3.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB0D40C5-5C8C-4C58-AA8B-A27DA2C676C5"
          },
          {
            "criteria": "cpe:2.3:a:gregarius:gregarius:0.3.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9B1DBBD5-72A0-4B01-ACC4-87A9659ECC42"
          },
          {
            "criteria": "cpe:2.3:a:gregarius:gregarius:0.3.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44F8C261-3D7C-4242-8F83-BC6FED15F69B"
          },
          {
            "criteria": "cpe:2.3:a:gregarius:gregarius:0.3.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "17B9108C-5779-40E0-A6D1-1966F7D416DA"
          },
          {
            "criteria": "cpe:2.3:a:gregarius:gregarius:0.4.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6880E6D9-1F2A-4E6D-AD77-14BBAE4EDC2F"
          },
          {
            "criteria": "cpe:2.3:a:gregarius:gregarius:0.4.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3EEF500D-73C1-4514-A87F-57A88FE0C1F4"
          },
          {
            "criteria": "cpe:2.3:a:gregarius:gregarius:0.5.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F74CB5F7-E308-4C78-8BF2-1289DA740406"
          },
          {
            "criteria": "cpe:2.3:a:gregarius:gregarius:0.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "09CC83D1-EAA2-40D3-A0E6-F47BCE1C8087"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References