fkie_nvd - fkie_cve-2008-5813

fkie_cve-2008-5813

Vulnerability from fkie_nvd

Published

2009-01-02 18:11

Modified

2024-11-21 00:54

Severity ?

Summary

SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/33307	Vendor Advisory
cve@mitre.org	http://www.securityfocus.com/bid/33021
cve@mitre.org	http://www.securityfocus.com/bid/33061
cve@mitre.org	http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2	Patch, Vendor Advisory
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/47626
cve@mitre.org	https://exchange.xforce.ibmcloud.com/vulnerabilities/47695
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/33307	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33021
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/33061
af854a3a-2127-422b-91ae-364da2661108	http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2	Patch, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/47626
af854a3a-2127-422b-91ae-364da2661108	https://exchange.xforce.ibmcloud.com/vulnerabilities/47695

Impacted products

Vendor	Product	Version
spip	spip	1.8
spip	spip	1.8.1
spip	spip	1.8.2
spip	spip	1.8.2b
spip	spip	1.8.3
spip	spip	1.8b1
spip	spip	1.8b2
spip	spip	1.8b3
spip	spip	1.8b4
spip	spip	1.8b5
spip	spip	1.8b6
spip	spip	1.9.0
spip	spip	1.9.1
spip	spip	1.9.1
spip	spip	1.9.2
spip	spip	1.9.2f
spip	spip	2.0.0
spip	spip	2.0.1

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8:*:*:*:*:*:*:*",
              "matchCriteriaId": "B513AF43-AFCA-494C-A3D0-A35F3214CE62",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "8C4AC748-27C3-4FEC-A3C0-CF68B7D5DA4A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "91DEC874-206B-4C45-92F5-C6C650F92782",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.2b:*:*:*:*:*:*:*",
              "matchCriteriaId": "0A738F49-1968-4748-A48D-7D493BD09313",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "2258E6D1-B11D-4902-98D2-FC8330BE175D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8b1:*:*:*:*:*:*:*",
              "matchCriteriaId": "233CD17B-7CA9-4169-85CC-D44C2783A274",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8b2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C1F0B947-DA3E-4394-A2B4-240B9792BA9B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8b3:*:*:*:*:*:*:*",
              "matchCriteriaId": "D4FBAA9E-2DD6-4FCC-AD97-CF666DB1B6EC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8b4:*:*:*:*:*:*:*",
              "matchCriteriaId": "D11D5EC5-EB3F-4517-90E4-FE4B0B6526A0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8b5:*:*:*:*:*:*:*",
              "matchCriteriaId": "537F4814-914D-4493-98FB-F5F21B385F8B",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.8b6:*:*:*:*:*:*:*",
              "matchCriteriaId": "8E128150-5AF1-45EF-8A6F-6709671F22D8",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "87EF9B63-0BB2-425A-8A81-1264BD28DB5E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.1:rev7385:*:*:*:*:*:*",
              "matchCriteriaId": "FDBAD023-85A7-4B75-90EA-7C174F746050",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.1:rev7502:*:*:*:*:*:*",
              "matchCriteriaId": "82D6BD57-507A-4131-9D50-7F76BB9C5DC7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "1BCB6E24-EA9D-46C4-B128-310DFEB22D50",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:1.9.2f:*:*:*:*:*:*:*",
              "matchCriteriaId": "D95CA7C1-F894-4530-B3D4-44002F387453",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "8DF1BEB1-2CCB-47F6-8EFB-E4F9AA6A4ED0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:spip:spip:2.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "D5698E04-FD77-45A1-8FBE-200897595CB1",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en inc/rubriques.php en SPIP v1.8 anteriores a v1.8.3b, v1.9 anteriores a v1.9.2g, y v2.0 anteriores a v2.0.2 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante el par\u00e1metro \"ID\". NOTA: algunos de los detalles han sido obtenidos a partir de la informaci\u00f3n de terceros."
    }
  ],
  "id": "CVE-2008-5813",
  "lastModified": "2024-11-21T00:54:57.787",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2009-01-02T18:11:09.610",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33307"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/33021"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/33061"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47626"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/33307"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33021"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/33061"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch",
        "Vendor Advisory"
      ],
      "url": "http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47626"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47695"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

cve-2008-5813

Vulnerability from cvelistv5

Published

2009-01-02 18:00

Modified

2024-08-07 11:04