Vulnerability Description
SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Easyscripts | Tr Script News | 2.1 |
Related Weaknesses (CWE)
References
- http://secunia.com/advisories/29814Vendor Advisory
- http://www.securityfocus.com/bid/28876
- http://www.vupen.com/english/advisories/2008/1319/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41946
- https://www.exploit-db.com/exploits/5483
- http://secunia.com/advisories/29814Vendor Advisory
- http://www.securityfocus.com/bid/28876
- http://www.vupen.com/english/advisories/2008/1319/references
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41946
- https://www.exploit-db.com/exploits/5483
FAQ
What is CVE-2008-1957?
CVE-2008-1957 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in news.php in Tr Script News 2.1 allows remote attackers to execute arbitrary SQL commands via the nb parameter in voir mode.
How severe is CVE-2008-1957?
CVE-2008-1957 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-1957?
Check the references section above for vendor advisories and patch information. Affected products include: Easyscripts Tr Script News.