CVE-2008-3649
Published Aug 13, 2008
Last updated 7 years ago
Overview
- Description: SQL injection vulnerability in categorydetail.php in Article Friendly Standard allows remote attackers to execute arbitrary SQL commands via the Cat parameter.
- Source: cve@mitre.org
- NVD status: Modified
Risk scores
CVSS 2.0
- Type: Primary
- Base score: 6.8
- Impact score: 6.4
- Exploitability score: 8.6
- Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P
Weaknesses
- CWE-89 (source: nvd@nist.gov)
Evaluator
- Comment: (none)
- Impact: Regarding Access Complexity: http://secunia.com/advisories/31292: "Input passed to the "autid" parameter in authordetail.php and to the "Cat" parameter in categorydetail.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled."
- Solution: Regarding Access Complexity: http://secunia.com/advisories/31292: "Input passed to the "autid" parameter in authordetail.php and to the "Cat" parameter in categorydetail.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation requires that "magic_quotes_gpc" is disabled."
Configurations
[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:articlefriendly:article_friendly:*:*:standard:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "FB08BE69-564F-4448-9090-0077B577FD22"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]