CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-2678

Multiple SQL injection vulnerabilities in Telephone Directory 2008, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) code parameter in a confirm_data action to edit1.php and the (2) id parameter to view_more.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 35.1%

CVSS Severity

CVSS v2 Score 7.5

References

http://www.securityfocus.com/bid/29614
https://exchange.xforce.ibmcloud.com/vulnerabilities/42971
https://www.exploit-db.com/exploits/5764
http://www.securityfocus.com/bid/29614
https://exchange.xforce.ibmcloud.com/vulnerabilities/42971
https://www.exploit-db.com/exploits/5764

Products affected by CVE-2008-2678

Telephone » Telephone Directory 2008 » Version: Any

cpe:2.3:a:telephone:telephone_directory_2008:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-2678

Products

Pricing

Contact Us