Vulnerability Details CVE-2008-2492
Multiple SQL injection vulnerabilities in Campus Bulletin Board 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to post3/view.asp and the (2) review parameter to post3/book.asp.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 36.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://www.securityfocus.com/archive/1/492586/100/0/threaded
- http://www.securityfocus.com/bid/29375
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42660
- http://www.securityfocus.com/archive/1/492586/100/0/threaded
- http://www.securityfocus.com/bid/29375
- https://exchange.xforce.ibmcloud.com/vulnerabilities/42660
Products affected by CVE-2008-2492
-
cpe:2.3:a:badongo:campus_bulletin_board:3.4