CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2008-4364

SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the "page" page and (2) txtSearch parameter in the "Search" page.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.3%

CVSS Severity

CVSS v2 Score 7.5

References

http://securityreason.com/securityalert/4343
http://www.bugreport.ir/index_53.htm
http://www.securityfocus.com/archive/1/496799/100/0/threaded
http://www.securityfocus.com/bid/31450
https://exchange.xforce.ibmcloud.com/vulnerabilities/45494
https://www.exploit-db.com/exploits/6610
http://securityreason.com/securityalert/4343
http://www.bugreport.ir/index_53.htm
http://www.securityfocus.com/archive/1/496799/100/0/threaded
http://www.securityfocus.com/bid/31450
https://exchange.xforce.ibmcloud.com/vulnerabilities/45494
https://www.exploit-db.com/exploits/6610

Products affected by CVE-2008-4364

Parsagostar » Parsaweb Cms » Version: N/A

cpe:2.3:a:parsagostar:parsaweb_cms:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-4364

Products

Pricing

Contact Us