CVE Vulnerability

CVE-2008-3151

SQL injection vulnerability in the 4ndvddb 0.91 module for PHP-Nuke allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_dvd action.

7.5 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 6.4

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

Scope

References
Link Resource
http://www.securityfocus.com/bid/30120
http://secunia.com/advisories/30976 Vendor Advisory
http://securityreason.com/securityalert/3986
https://exchange.xforce.ibmcloud.com/vulnerabilities/43626
http://www.securityfocus.com/archive/1/494013/100/0/threaded
Configurations

Configuration 1

cpe:2.3:a:warpspeed:4ndvddb:0.91:*:*:*:*:*:*:*
cpe:2.3:a:phpnuke:4ndvddb:0.91:*:*:*:*:*:*:*
Information

Published : 2008-07-11 10:41

Updated : 2018-10-11 08:47

NVD link : CVE-2008-3151

Mitre link : CVE-2008-3151

Products Affected

4ndvddb

Phpnuke

CWE
CWE-89