CVE-2008-4711

SQL injection vulnerability in Joovili 3.0 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.blog.php, (2) view.event.php, (3) view.group.php, (4) view.music.php, (5) view.picture.php, and (6) view.video.php.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 35%
VendorProductVersion
joovilijoovili
𝑥
≤ 3.0
joovilijoovili
2.1
joovilijoovili
3.0.6
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://securityreason.com/securityalert/4486
http://www.securityfocus.com/bid/31444
https://exchange.xforce.ibmcloud.com/vulnerabilities/45486
https://www.exploit-db.com/exploits/6595
http://securityreason.com/securityalert/4486
http://www.securityfocus.com/bid/31444
https://exchange.xforce.ibmcloud.com/vulnerabilities/45486
https://www.exploit-db.com/exploits/6595