Vulnerability CVE-2008-0873
Published: 2008-02-21   Modified: 2012-02-12

Description:
SQL injection vulnerability in index.php in the jlmZone Classifieds module for XOOPS allows remote attackers to execute arbitrary SQL commands via the cid parameter in an Adsview action.

See advisories in our WLB2 database:
Topic
Author
Date
Med.
XOOPS Module classifieds SQL Injection(cid)
S@BUN
21.02.2008

Type:

CWE-89

 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial
Affected software
Jlmzone -> Classifieds 

 References:
http://securityreason.com/securityalert/3681
http://www.securityfocus.com/archive/1/488357/100/0/threaded
http://www.securityfocus.com/bid/27895
https://www.exploit-db.com/exploits/5158
Copyright 2024, cxsecurity.com

 

Back to Top