CVE-2008-6153

SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo Album 3.0 allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://secunia.com/advisories/33373	Vendor Advisory
http://www.securityfocus.com/bid/33069	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/47662
https://www.exploit-db.com/exploits/7627
http://secunia.com/advisories/33373	Vendor Advisory
http://www.securityfocus.com/bid/33069	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/47662
https://www.exploit-db.com/exploits/7627

Configurations

Configuration 1 (hide)

cpe:2.3:a:jayeshp:pixel8_web_photo_album:3.0:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-02-16 17:30

Updated : 2025-04-09 00:30

NVD link : CVE-2008-6153

Mitre link : CVE-2008-6153

CVE.ORG link : CVE-2008-6153

JSON object : View

Products Affected

jayeshp

pixel8_web_photo_album

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2008-6153", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2009-02-16T17:30:04.920", "references": [{"url": "http://secunia.com/advisories/33373", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/33069", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47662", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/7627", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/33373", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/33069", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/47662", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/7627", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in Photo.asp in Jay Patel Pixel8 Web Photo Album 3.0 allows remote attackers to execute arbitrary SQL commands via the AlbumID parameter."}, {"lang": "es", "value": "Una vulnerabilidad de inyecci\u00f3n SQL en Photo.asp en Jay Patel Pixel8 Web Photo Album 3.0 permite a atacantes remotos ejecutar comandos SQL a trav\u00e9s del par\u00e1metro AlbumID."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:jayeshp:pixel8_web_photo_album:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D7FF300A-3594-46DC-9B86-1F5A277A2E51"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}