CVE-2008-2190

Sažetak

SQL injection vulnerability in index.php in Online Rent (aka Online Rental Property Script) 4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter. NOTE: it was later reported that 5.0 and earlier are also affected.

Reference

http://advisories.echo.or.id/adv/adv91-K-159-2008.txt
http://secunia.com/advisories/30090
http://secunia.com/advisories/35147
http://securityreason.com/securityalert/3875
http://www.securityfocus.com/archive/1/491607/100/0/threaded
http://www.securityfocus.com/archive/1/491816/100/0/threaded
http://www.securityfocus.com/bid/29052
http://www.securityfocus.com/bid/35005
http://www.vupen.com/english/advisories/2009/1366
https://exchange.xforce.ibmcloud.com/vulnerabilities/42191
https://www.exploit-db.com/exploits/5542
https://www.exploit-db.com/exploits/8711

CVSS

Base:	6.8
Impact:	6.4
Exploitability:	8.6

Pristup

Vektor	Složenost	Autentikacija
NETWORK	MEDIUM	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:M/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

11-10-2018 - 20:39

Objavljeno

14-05-2008 - 17:20