CVE-2008-3359

SQL injection vulnerability in register.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.vupen.com/english/advisories/2008/2213
https://exchange.xforce.ibmcloud.com/vulnerabilities/44143
http://www.vupen.com/english/advisories/2008/2213
https://exchange.xforce.ibmcloud.com/vulnerabilities/44143

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:owl:intranet_knowledgebase::::::::
	cpe:2.3:a:owl:intranet_knowledgebase:0.94:::::::*

History

No history.

Information

Published : 2008-07-29 18:41

Updated : 2025-04-09 00:30

NVD link : CVE-2008-3359

Mitre link : CVE-2008-3359

CVE.ORG link : CVE-2008-3359

JSON object : View

Products Affected

owl

intranet_knowledgebase

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2008-3359", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-07-29T18:41:00.000", "references": [{"url": "http://www.vupen.com/english/advisories/2008/2213", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44143", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/2213", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44143", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in register.php in Steve Bourgeois and Chris Vincent Owl Intranet Knowledgebase 0.95 and earlier allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en register.php Steve Bourgeois y Chris Vincent Owl Intranet Knowledgebase 0.95 y versiones anteriores que permiten a los atacantes remotos ejecutar arbitrariamente comandos SQL a trav\u00e9s del par\u00e1metro username. NOTA: La procedencia de esta informaci\u00f3n es desconocida; los detalles ha sido obtenidos \u00fanicamente de informaci\u00f3n de terceros."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:owl:intranet_knowledgebase:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F33066B3-A4AB-4289-983C-F3CDCDB3508B", "versionEndIncluding": "0.95"}, {"criteria": "cpe:2.3:a:owl:intranet_knowledgebase:0.94:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DCC31E21-49E0-41D2-94DB-07B0AEBBFD87"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}