CVE-2008-1613

SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0.48, and possibly other versions including 6.5 and 7.0, allows remote attackers to execute arbitrary SQL commands via the LngId parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.irmplc.com/index.php/167-Advisory-026
http://www.securityfocus.com/bid/28872
http://secunia.com/advisories/29843
https://exchange.xforce.ibmcloud.com/vulnerabilities/41924
https://www.exploit-db.com/exploits/5482
http://www.securityfocus.com/archive/1/491139/100/0/threaded

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:reddot:cms:7.0:::::::*
	cpe:2.3:a:reddot:cms:7.5:build_7.5.0.48::::::
	cpe:2.3:a:reddot:cms:6.5:::::::*

Information

Published : 2008-04-21 21:41

Updated : 2018-10-11 13:35

NVD link : CVE-2008-1613

Mitre link : CVE-2008-1613

JSON object : View

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

Advertisement

Products Affected

reddot

cms

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.irmplc.com/index.php/167-Advisory-026", "name": "http://www.irmplc.com/index.php/167-Advisory-026", "tags": [], "refsource": "MISC"}, {"url": "http://www.securityfocus.com/bid/28872", "name": "28872", "tags": [], "refsource": "BID"}, {"url": "http://secunia.com/advisories/29843", "name": "29843", "tags": [], "refsource": "SECUNIA"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/41924", "name": "reddot-iord-sql-injection(41924)", "tags": [], "refsource": "XF"}, {"url": "https://www.exploit-db.com/exploits/5482", "name": "5482", "tags": [], "refsource": "EXPLOIT-DB"}, {"url": "http://www.securityfocus.com/archive/1/491139/100/0/threaded", "name": "20080421 IRM Security Advisory : RedDot CMS SQL injection vulnerability", "tags": [], "refsource": "BUGTRAQ"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "SQL injection vulnerability in ioRD.asp in RedDot CMS 7.5 Build 7.5.0.48, and possibly other versions including 6.5 and 7.0, allows remote attackers to execute arbitrary SQL commands via the LngId parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-89"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2008-1613", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2008-04-22T04:41Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:reddot:cms:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:reddot:cms:7.5:build_7.5.0.48:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:a:reddot:cms:6.5:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2018-10-11T20:35Z"}