ID

VAR-200802-0354


CVE

CVE-2008-0565


TITLE

DeltaScripts PHP Links 'vote.php' SQL Injection Vulnerability

Trust: 0.9

sources: BID: 27530 // CNNVD: CNNVD-200802-055

DESCRIPTION

SQL injection vulnerability in vote.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. This issue affects PHP Links 1.3 and prior versions.

Input passed to the "id" parameter in vote.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation allows e.g. retrieving usernames and password hashes, but requires knowledge of the database table prefix. The vulnerability is confirmed in version 1.3. Other versions may also be affected.

SOLUTION: Edit the source code to ensure that input is properly sanitised.

PROVIDED AND/OR DISCOVERED BY: Houssamix

ORIGINAL ADVISORY: http://milw0rm.com/exploits/5021

Trust: 1.98

sources: NVD: CVE-2008-0565 // JVNDB: JVNDB-2008-002680 // BID: 27530 // PACKETSTORM: 63159

AFFECTED PRODUCTS

vendor: deltascripts, model: php links, scope: lte, version: 1.3

Trust: 1.8

vendor: deltascripts, model: php links, scope: eq, version: 1.3

Trust: 0.9

sources: BID: 27530 // JVNDB: JVNDB-2008-002680 // CNNVD: CNNVD-200802-055 // NVD: CVE-2008-0565

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2008-0565
value: MEDIUM

Trust: 1.0

NVD: CVE-2008-0565
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-200802-055
value: MEDIUM

Trust: 0.6

nvd@nist.gov: CVE-2008-0565
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2008-002680 // CNNVD: CNNVD-200802-055 // NVD: CVE-2008-0565

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.8

sources: JVNDB: JVNDB-2008-002680 // NVD: CVE-2008-0565

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200802-055

TYPE

sql injection

Trust: 0.7

sources: PACKETSTORM: 63159 // CNNVD: CNNVD-200802-055

CONFIGURATIONS

sources: JVNDB: JVNDB-2008-002680

PATCH

title: Top Page, url: http://www.deltascripts.com/

Trust: 0.8

sources: JVNDB: JVNDB-2008-002680

EXTERNAL IDS

db: NVD, id: CVE-2008-0565

Trust: 2.7

db: BID, id: 27530

Trust: 1.9

db: SECUNIA, id: 28727

Trust: 1.8

db: EXPLOIT-DB, id: 5021

Trust: 1.7

db: OSVDB, id: 40840

Trust: 1.6

db: JVNDB, id: JVNDB-2008-002680

Trust: 0.8

db: MILW0RM, id: 5021

Trust: 0.6

db: CNNVD, id: CNNVD-200802-055

Trust: 0.6

db: PACKETSTORM, id: 63159

Trust: 0.1

sources: BID: 27530 // JVNDB: JVNDB-2008-002680 // PACKETSTORM: 63159 // CNNVD: CNNVD-200802-055 // NVD: CVE-2008-0565

REFERENCES

url:http://www.securityfocus.com/bid/27530

Trust: 1.6

url:http://secunia.com/advisories/28727

Trust: 1.6

url:http://osvdb.org/40840

Trust: 1.6

url:https://www.exploit-db.com/exploits/5021

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-0565

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-0565

Trust: 0.8

url:http://www.milw0rm.com/exploits/5021

Trust: 0.6

url:http://www.deltascripts.com/phplinks

Trust: 0.3

url:http://secunia.com/advisories/28727/

Trust: 0.1

url:http://secunia.com/secunia_security_advisories/

Trust: 0.1

url:http://secunia.com/product/17403/

Trust: 0.1

url:https://psi.secunia.com/?page=changelog

Trust: 0.1

url:https://psi.secunia.com/

Trust: 0.1

url:http://milw0rm.com/exploits/5021

Trust: 0.1

url:http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

Trust: 0.1

url:http://secunia.com/about_secunia_advisories/

Trust: 0.1

sources: BID: 27530 // JVNDB: JVNDB-2008-002680 // PACKETSTORM: 63159 // CNNVD: CNNVD-200802-055 // NVD: CVE-2008-0565

CREDITS

Houssamix from H-T Team discovered this issue.

Trust: 0.9

sources: BID: 27530 // CNNVD: CNNVD-200802-055

SOURCES

db: BID, id: 27530
db: JVNDB, id: JVNDB-2008-002680
db: PACKETSTORM, id: 63159
db: CNNVD, id: CNNVD-200802-055
db: NVD, id: CVE-2008-0565

LAST UPDATE DATE

2025-04-10T23:15:49.284000+00:00


SOURCES UPDATE DATE

db: BID, id: 27530, date: 2015-05-07T17:33:00
db: JVNDB, id: JVNDB-2008-002680, date: 2012-06-26T00:00:00
db: CNNVD, id: CNNVD-200802-055, date: 2008-09-05T00:00:00
db: NVD, id: CVE-2008-0565, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: BID, id: 27530, date: 2008-01-30T00:00:00
db: JVNDB, id: JVNDB-2008-002680, date: 2012-06-26T00:00:00
db: PACKETSTORM, id: 63159, date: 2008-02-01T01:56:43
db: CNNVD, id: CNNVD-200802-055, date: 2008-02-04T00:00:00
db: NVD, id: CVE-2008-0565, date: 2008-02-05T02:00:00