CVE-2008-4620

critical

Description

SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.

References

https://www.exploit-db.com/exploits/6781

https://exchange.xforce.ibmcloud.com/vulnerabilities/45972

http://www.vupen.com/english/advisories/2008/2865

http://www.securityfocus.com/bid/31809

http://securityreason.com/securityalert/4450

Details

Source: Mitre, NVD

Published: 2008-10-21

Updated: 2017-09-29

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

Detections

Analytics