CVE-2008-5772

Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro parameter to detail.asp.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/50707	Exploit
http://osvdb.org/50708	Exploit
http://secunia.com/advisories/33167	Vendor Advisory
http://securityreason.com/securityalert/4848
http://www.securityfocus.com/bid/32812
https://exchange.xforce.ibmcloud.com/vulnerabilities/47323
https://www.exploit-db.com/exploits/7464

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:aspsiteware:realtylistings:1.0:::::::*
	cpe:2.3:a:aspsiteware:realtylistings:2.0:::::::*

History

No history.

Information

Published : 2008-12-30 20:30

Updated : 2017-09-29 01:32

NVD link : CVE-2008-5772

Mitre link : CVE-2008-5772

CVE.ORG link : CVE-2008-5772

JSON object : View

Products Affected

aspsiteware

realtylistings

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2008-5772", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-12-30T20:30:01.780", "references": [{"url": "http://osvdb.org/50707", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://osvdb.org/50708", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/33167", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/4848", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/32812", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47323", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/7464", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in ASPSiteWare RealtyListings 1.0 and 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) iType parameter to type.asp and the (2) iPro parameter to detail.asp."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en ASPSiteWare RealtyListings v1.0 y v2.0 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante (1) el par\u00e1metro iType de type.asp y (2) el par\u00e1metro iPro de detail.asp."}], "lastModified": "2017-09-29T01:32:47.963", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:aspsiteware:realtylistings:1.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "93082583-F3ED-4424-966F-D3FFBA52A900"}, {"criteria": "cpe:2.3:a:aspsiteware:realtylistings:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "12EB8C10-8D68-4177-83B7-0EB26726F6CD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}