CVE-2008-5813SQL Injection in Spip

CWE-89SQL Injection4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.7%
top 27.82%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SpipDebian Spip
Timeline
PublishedJan 2
Latest updateMay 17

Description

SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages3 packages

debiandebian/spip< spip 2.0.6-1 (bullseye)
Debianspip/spip< 2.0.6-1+2
NVDspip/spip17 versions+16

Patches

Patch: www.spip-contrib.netPatch: www.spip-contrib.net

🔴Vulnerability Details

2
GHSA
GHSA-wj8j-58jx-v347: SQL injection vulnerability in inc/rubriques2022-05-17
OSV
CVE-2008-5813: SQL injection vulnerability in inc/rubriques2009-01-02

📋Vendor Advisories

1
Debian
CVE-2008-5813: spip - SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 ...2008
CVE-2008-5813 — SQL Injection in Debian Spip | cvebase