CVE-2008-5813

SQL injection vulnerability in inc/rubriques.php in SPIP 1.8 before 1.8.3b, 1.9 before 1.9.2g, and 2.0 before 2.0.2 allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: some of these details are obtained from third party information.

Published: Jan 2, 2009
Updated: Apr 13, 2023
CVE: CVE-2008-5813
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
spip / spip	2.0.0	2.0.0.x
spip / spip	1.8b3	1.8b3.x
spip / spip	1.9.2	1.9.2.x
spip / spip	1.9.2f	1.9.2f.x
spip / spip	1.8	1.8.x
spip / spip	1.8.1	1.8.1.x
spip / spip	1.9.1-rev7502	1.9.1-rev7502.x
spip / spip	1.8.2b	1.8.2b.x
spip / spip	1.8b6	1.8b6.x
spip / spip	1.8.2	1.8.2.x
spip / spip	1.8.3	1.8.3.x
spip / spip	1.8b4	1.8b4.x
spip / spip	1.8b2	1.8b2.x
spip / spip	2.0.1	2.0.1.x
spip / spip	1.9.0	1.9.0.x
spip / spip	1.8b1	1.8b1.x
spip / spip	1.9.1-rev7385	1.9.1-rev7385.x
spip / spip	1.8b5	1.8b5.x

http://secunia.com/advisories/33307
http://www.securityfocus.com/bid/33021
http://www.securityfocus.com/bid/33061
http://www.spip-contrib.net/SPIP-1-8-3b-1-9-2g-2-2
https://exchange.xforce.ibmcloud.com/vulnerabilities/47626
https://exchange.xforce.ibmcloud.com/vulnerabilities/47695

Vulnerability Database

CVE-2008-5813