CVE-2008-1895

Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to events.asp, the (2) UserName parameter to getpassword.asp, and possibly an unspecified parameter to (3) option_Update.asp in an edit action.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 69%
VendorProductVersion
carboncommunitiescarbon_communities
𝑥
≤ 2.4
carboncommunitiescarbon_communities
1.0
carboncommunitiescarbon_communities
1.1
carboncommunitiescarbon_communities
2.1
carboncommunitiescarbon_communities
2.2
carboncommunitiescarbon_communities
2.3
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://bugreport.ir/index.php?/35
http://bugreport.ir/index.php?/35/exploit
http://secunia.com/advisories/29827
http://www.securityfocus.com/archive/1/490923/100/0/threaded
http://www.securityfocus.com/bid/28806
https://exchange.xforce.ibmcloud.com/vulnerabilities/41845
https://www.exploit-db.com/exploits/5456
http://bugreport.ir/index.php?/35
http://bugreport.ir/index.php?/35/exploit
http://secunia.com/advisories/29827
http://www.securityfocus.com/archive/1/490923/100/0/threaded
http://www.securityfocus.com/bid/28806
https://exchange.xforce.ibmcloud.com/vulnerabilities/41845
https://www.exploit-db.com/exploits/5456