exploitDog

CVE-2008-0918

Опубликовано: 22 фев. 2008

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Ссылки

http://secunia.com/advisories/29008
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/40852
http://secunia.com/advisories/29008
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/40852

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:astats:astatspro:1.0.1:*:*:*:*:*:*:*

cpe:2.3:a:joomla:com_astatspro:1.0.1:*:*:*:*:*:*:*

EPSS

Процентиль: 5%

0.00022

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-rf6q-m37m-q323

github

почти 4 года назад

SQL injection vulnerability in includes/count_dl_or_link.inc.php in the astatsPRO (com_astatspro) 1.0.1 component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter to getfile.php, a different vector than CVE-2008-0839. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

EPSS

Процентиль: 5%

0.00022

Низкий

7.5 High

CVSS2

Дефекты

CWE-89