CVE-2008-5813

SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
spipspip
1.8
spipspip
1.8.1
spipspip
1.8.2
spipspip
1.8.2b:b
spipspip
1.8.3
spipspip
1.8b1:b1
spipspip
1.8b2:b2
spipspip
1.8b3:b3
spipspip
1.8b4:b4
spipspip
1.8b5:b5
spipspip
1.8b6:b6
spipspip
1.9.0
spipspip
1.9.1:rev7385
spipspip
1.9.1:rev7502
spipspip
1.9.2
spipspip
1.9.2f:f
spipspip
2.0.0
spipspip
2.0.1
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
spip
bullseye
3.2.11-3+deb11u10
fixed
bullseye (security)
3.2.11-3+deb11u7
fixed
sid
4.3.3+dfsg-1
fixed
trixie
4.3.3+dfsg-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
spip
karmic
not-affected
jaunty
dne
intrepid
dne
hardy
dne
gutsy
dne
dapper
ignored
Common Weakness Enumeration
References
http://secunia.com/advisories/33307
http://www.securityfocus.com/bid/33021
http://www.securityfocus.com/bid/33061
http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2
https://exchange.xforce.ibmcloud.com/vulnerabilities/47626
https://exchange.xforce.ibmcloud.com/vulnerabilities/47695
http://secunia.com/advisories/33307
http://www.securityfocus.com/bid/33021
http://www.securityfocus.com/bid/33061
http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2
https://exchange.xforce.ibmcloud.com/vulnerabilities/47626
https://exchange.xforce.ibmcloud.com/vulnerabilities/47695