7.5
CVE-2008-2692
- EPSS 0.02%
- Published 13.06.2008 19:41:00
- Last modified 09.04.2025 00:30:58
- Source cve@mitre.org
- Teams watchlist Login
- Open Login
SQL injection vulnerability in the yvComment (com_yvcomment) component 1.16.0 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the ArticleID parameter in a comment action to index.php.
Data is provided by the National Vulnerability Database (NVD)
Joomla ≫ Com Yvcomment Version1.1
Joomla ≫ Com Yvcomment Version1.2
Joomla ≫ Com Yvcomment Version1.3
Joomla ≫ Com Yvcomment Version1.4
Joomla ≫ Com Yvcomment Version1.5
Joomla ≫ Com Yvcomment Version1.6
Joomla ≫ Com Yvcomment Version1.7
Joomla ≫ Com Yvcomment Version1.8
Joomla ≫ Com Yvcomment Version1.9
Joomla ≫ Com Yvcomment Version1.10
Joomla ≫ Com Yvcomment Version1.11
Joomla ≫ Com Yvcomment Version1.12
Joomla ≫ Com Yvcomment Version1.13
Joomla ≫ Com Yvcomment Version1.14
Joomla ≫ Com Yvcomment Version1.15
Joomla ≫ Com Yvcomment Version1.16
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.02% | 0.039 |
| Source | Base Score | Exploit Score | Impact Score | Vector string |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.