CVE-2008-5654
Published Dec 17, 2008
Last updated 7 years ago
Overview
- Description
- SQL injection vulnerability in the loginADP function in ajaxp.php in MyioSoft EasyCalendar 4.0 allows remote attackers to execute arbitrary SQL commands via the rsargs parameter, as reachable through the username parameter, a different vector than CVE-2008-1344. NOTE: some of these details are obtained from third party information.
- Source
- cve@mitre.org
- NVD status
- Modified
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-89
Social media
- Hype score
- Not currently trending
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:myiosoft:easycalendar:4.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CAC7ADFF-EB3F-4DDE-995C-F9E961988BC9"
}
],
"operator": "OR"
}
]
}
]