Vulnerability CVE-2008-0290
Published: 2008-01-15   Modified: 2012-02-12

Description:
Multiple SQL injection vulnerabilities in Digital Hive 2.0 RC2 and earlier allow (1) remote attackers to execute arbitrary SQL commands via the selectskin parameter to an unspecified program, or (2) remote authenticated administrators to execute arbitrary SQL commands via the user_id parameter in the gestion_membre.php page to base.php.

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Digitalhive -> Digitalhive 

 References:
http://www.securityfocus.com/bid/27232
https://exchange.xforce.ibmcloud.com/vulnerabilities/39602
https://www.exploit-db.com/exploits/4887
Copyright 2024, cxsecurity.com

 

Back to Top