Details of VAR-200806-0053

ID

VAR-200806-0053

CVE

CVE-2008-2535

TITLE

Phoenix View CMS Pre Alpha2 In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2008-003127

DESCRIPTION

Multiple SQL injection vulnerabilities in Phoenix View CMS Pre Alpha2 and earlier allow remote attackers to execute arbitrary SQL commands via the del parameter to (1) gbuch.admin.php, (2) links.admin.php, (3) menue.admin.php, (4) news.admin.php, and (5) todo.admin.php in admin/module/. (1) admin/module/ Subordinate gbuch.admin.php (2) admin/module/ Subordinate links.admin.php (3) admin/module/ Subordinate menue.admin.php (4) admin/module/ Subordinate news.admin.php (5) admin/module/ Subordinate todo.admin.php. Phoenix View Cms is prone to a sql-injection vulnerability

Trust: 2.07

sources: NVD: CVE-2008-2535 // JVNDB: JVNDB-2008-003127 // BID: 81316 // IVD: be7b4be2-23cd-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.2

sources: IVD: be7b4be2-23cd-11e6-abef-000c29c66e3d

AFFECTED PRODUCTS

vendor:	fkrauthan	model:	phoenix view cms	scope:	eq	version:	2-pre-alpha	Trust: 1.6
vendor:	fkrauthan	model:	phoenix view cms	scope:	lte	version:	pre alpha2	Trust: 0.8
vendor:	fkrauthan	model:	phoenix view cms 2-pre-alpha	scope:	-	version:	-	Trust: 0.3
vendor:	phoenix view cms	model:	2-pre-alpha	scope:	-	version:	-	Trust: 0.2

sources: IVD: be7b4be2-23cd-11e6-abef-000c29c66e3d // BID: 81316 // JVNDB: JVNDB-2008-003127 // CNNVD: CNNVD-200806-050 // NVD: CVE-2008-2535

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-2535
value:	HIGH
Trust: 1.0
NVD:	CVE-2008-2535
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200806-050
value:	HIGH
Trust: 0.6
IVD:	be7b4be2-23cd-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2

nvd@nist.gov:	CVE-2008-2535
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
IVD:	be7b4be2-23cd-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: be7b4be2-23cd-11e6-abef-000c29c66e3d // JVNDB: JVNDB-2008-003127 // CNNVD: CNNVD-200806-050 // NVD: CVE-2008-2535

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.8

sources: JVNDB: JVNDB-2008-003127 // NVD: CVE-2008-2535

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200806-050

TYPE

SQL injection

Trust: 0.8

sources: IVD: be7b4be2-23cd-11e6-abef-000c29c66e3d // CNNVD: CNNVD-200806-050

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-003127

PATCH

title:

Top Page

url:

http://sourceforge.net/projects/phoenixviewcms/

Trust: 0.8

sources: JVNDB: JVNDB-2008-003127

EXTERNAL IDS

db:	NVD	id:	CVE-2008-2535	Trust: 2.9
db:	EXPLOIT-DB	id:	5578	Trust: 1.9
db:	XF	id:	42316	Trust: 0.9
db:	CNNVD	id:	CNNVD-200806-050	Trust: 0.8
db:	JVNDB	id:	JVNDB-2008-003127	Trust: 0.8
db:	MILW0RM	id:	5578	Trust: 0.6
db:	BID	id:	81316	Trust: 0.3
db:	IVD	id:	BE7B4BE2-23CD-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: be7b4be2-23cd-11e6-abef-000c29c66e3d // BID: 81316 // JVNDB: JVNDB-2008-003127 // CNNVD: CNNVD-200806-050 // NVD: CVE-2008-2535

REFERENCES

url:	https://www.exploit-db.com/exploits/5578	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/42316	Trust: 1.0
url:	http://www.milw0rm.com/exploits/5578	Trust: 0.9
url:	http://xforce.iss.net/xforce/xfdb/42316	Trust: 0.9
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-2535	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-2535	Trust: 0.8

sources: BID: 81316 // JVNDB: JVNDB-2008-003127 // CNNVD: CNNVD-200806-050 // NVD: CVE-2008-2535

CREDITS

Unknown

Trust: 0.3

sources: BID: 81316

SOURCES

db:	IVD	id:	be7b4be2-23cd-11e6-abef-000c29c66e3d
db:	BID	id:	81316
db:	JVNDB	id:	JVNDB-2008-003127
db:	CNNVD	id:	CNNVD-200806-050
db:	NVD	id:	CVE-2008-2535

LAST UPDATE DATE

2025-04-10T23:13:04.421000+00:00

SOURCES UPDATE DATE

db:	BID	id:	81316	date:	2008-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2008-003127	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200806-050	date:	2008-09-05T00:00:00
db:	NVD	id:	CVE-2008-2535	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	IVD	id:	be7b4be2-23cd-11e6-abef-000c29c66e3d	date:	2008-06-03T00:00:00
db:	BID	id:	81316	date:	2008-06-03T00:00:00
db:	JVNDB	id:	JVNDB-2008-003127	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200806-050	date:	2008-06-03T00:00:00
db:	NVD	id:	CVE-2008-2535	date:	2008-06-03T15:32:00