CVE-2008-7085

Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the schedule action to index.php.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/30248	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/43852
https://www.exploit-db.com/exploits/6084
http://www.securityfocus.com/bid/30248	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/43852
https://www.exploit-db.com/exploits/6084

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:thehockeystop:hockeystats_online:2.0::advanced:::::
	cpe:2.3:a:thehockeystop:hockeystats_online:2.0::basic:::::

History

No history.

Information

Published : 2009-08-26 14:24

Updated : 2025-04-09 00:30

NVD link : CVE-2008-7085

Mitre link : CVE-2008-7085

CVE.ORG link : CVE-2008-7085

JSON object : View

Products Affected

thehockeystop

hockeystats_online

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2008-7085", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-08-26T14:24:16.877", "references": [{"url": "http://www.securityfocus.com/bid/30248", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43852", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/6084", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/30248", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/43852", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.exploit-db.com/exploits/6084", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in TheHockeyStop HockeySTATS Online 2.0 Basic and Advanced allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in the viewpage action to the default URI, probably index.php, or (2) divid parameter in the schedule action to index.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en Maian Greetings v2.0 Basic y Advanced, permite a atacantes remotos ejecutar secuencias de comandos SQL de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) \"id\" en una acci\u00f3n viewpage a la URI por defecto, probablemente index.php, o (2) \"divid\" en una acci\u00f3n schedule a index.php."}], "lastModified": "2025-04-09T00:30:58.490", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:thehockeystop:hockeystats_online:2.0:*:advanced:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D45D14DD-701E-440E-8759-CD697E3ACF7B"}, {"criteria": "cpe:2.3:a:thehockeystop:hockeystats_online:2.0:*:basic:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F7805DAA-6BCD-4B7C-946C-AD447B2947E1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}