Details of VAR-200904-0147

ID

VAR-200904-0147

CVE

CVE-2008-6720

TITLE

DeltaScripts PHP Links of admin/adm_login.php In SQL Injection vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2009-003000

DESCRIPTION

SQL injection vulnerability in admin/adm_login.php in DeltaScripts PHP Links 1.3 and earlier allows remote attackers to execute arbitrary SQL commands via the admin_username parameter (aka the admin field). DeltaScripts PHP Links is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. PHP Links 1.3 is vulnerable; other versions may also be affected

Trust: 1.89

sources: NVD: CVE-2008-6720 // JVNDB: JVNDB-2009-003000 // BID: 32163

AFFECTED PRODUCTS

vendor:	deltascripts	model:	php links	scope:	lte	version:	1.3	Trust: 1.8
vendor:	deltascripts	model:	php links	scope:	eq	version:	1.3	Trust: 0.9

sources: BID: 32163 // JVNDB: JVNDB-2009-003000 // CNNVD: CNNVD-200904-254 // NVD: CVE-2008-6720

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2008-6720
value:	HIGH
Trust: 1.0
NVD:	CVE-2008-6720
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-200904-254
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2008-6720
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8

sources: JVNDB: JVNDB-2009-003000 // CNNVD: CNNVD-200904-254 // NVD: CVE-2008-6720

PROBLEMTYPE DATA

problemtype:

CWE-89

Trust: 1.8

sources: JVNDB: JVNDB-2009-003000 // NVD: CVE-2008-6720

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200904-254

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-200904-254

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-003000

PATCH

title:

Top Page

url:

http://www.deltascripts.com/

Trust: 0.8

sources: JVNDB: JVNDB-2009-003000

EXTERNAL IDS

db:	NVD	id:	CVE-2008-6720	Trust: 2.7
db:	BID	id:	32163	Trust: 1.9
db:	EXPLOIT-DB	id:	7024	Trust: 1.6
db:	JVNDB	id:	JVNDB-2009-003000	Trust: 0.8
db:	MILW0RM	id:	7024	Trust: 0.6
db:	XF	id:	50392	Trust: 0.6
db:	CNNVD	id:	CNNVD-200904-254	Trust: 0.6

sources: BID: 32163 // JVNDB: JVNDB-2009-003000 // CNNVD: CNNVD-200904-254 // NVD: CVE-2008-6720

REFERENCES

url:	http://www.securityfocus.com/bid/32163	Trust: 1.6
url:	https://www.exploit-db.com/exploits/7024	Trust: 1.0
url:	https://exchange.xforce.ibmcloud.com/vulnerabilities/50392	Trust: 1.0
url:	http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2008-6720	Trust: 0.8
url:	http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2008-6720	Trust: 0.8
url:	http://xforce.iss.net/xforce/xfdb/50392	Trust: 0.6
url:	http://www.milw0rm.com/exploits/7024	Trust: 0.6
url:	http://www.deltascripts.com/phplinks	Trust: 0.3

sources: BID: 32163 // JVNDB: JVNDB-2009-003000 // CNNVD: CNNVD-200904-254 // NVD: CVE-2008-6720

CREDITS

ZoRLu

Trust: 0.9

sources: BID: 32163 // CNNVD: CNNVD-200904-254

SOURCES

db:	BID	id:	32163
db:	JVNDB	id:	JVNDB-2009-003000
db:	CNNVD	id:	CNNVD-200904-254
db:	NVD	id:	CVE-2008-6720

LAST UPDATE DATE

2025-04-10T23:11:16.563000+00:00

SOURCES UPDATE DATE

db:	BID	id:	32163	date:	2015-04-16T17:51:00
db:	JVNDB	id:	JVNDB-2009-003000	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200904-254	date:	2009-05-13T00:00:00
db:	NVD	id:	CVE-2008-6720	date:	2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db:	BID	id:	32163	date:	2008-11-06T00:00:00
db:	JVNDB	id:	JVNDB-2009-003000	date:	2012-06-26T00:00:00
db:	CNNVD	id:	CNNVD-200904-254	date:	2009-04-13T00:00:00
db:	NVD	id:	CVE-2008-6720	date:	2009-04-13T15:30:00.360