CVE-2008-0517

SQL injection vulnerability in index.php in the Darko Selesi EstateAgent (com_estateagent) 0.1 component for Mambo 4.5.x and Joomla! allows remote attackers to execute arbitrary SQL commands via the objid parameter in a contact showObject action.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
VendorProductVersion
darko_selesiestateagent
0.1
joomlajoomla
*
mambomambo
4.5
mambomambo
4.5.0.2
mambomambo
4.5.1.3
mambomambo
4.5.1_1.0.9:_1.0
mambomambo
4.5.1_beta:_beta
mambomambo
4.5.1_beta2:_beta2
mambomambo
4.5.1a:a
mambomambo
4.5.2
mambomambo
4.5.2.1
mambomambo
4.5.2.2
mambomambo
4.5.2.3
mambomambo
4.5.3h:h
mambomambo
4.5.4
mambomambo
4.5_1.0.0:_1.0
mambomambo
4.5_1.0.1:_1.0
mambomambo
4.5_1.0.2:_1.0
mambomambo
4.5_1.0.3_beta:_1.0
mambomambo
4.5_1.0.9:_1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.securityfocus.com/bid/27520
http://www.vupen.com/english/advisories/2008/0362
https://exchange.xforce.ibmcloud.com/vulnerabilities/40060
https://www.exploit-db.com/exploits/5016
http://www.securityfocus.com/bid/27520
http://www.vupen.com/english/advisories/2008/0362
https://exchange.xforce.ibmcloud.com/vulnerabilities/40060
https://www.exploit-db.com/exploits/5016