fkie_nvd - fkie_cve-2008-4655

fkie_cve-2008-4655

Vulnerability from fkie_nvd

Published

2008-10-22 00:11

Modified

2025-04-09 00:30

Severity ?

Summary

SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

References

URL	Tags
cve@mitre.org	http://secunia.com/advisories/32369	Vendor Advisory
cve@mitre.org	http://typo3.org/extensions/repository/view/simplesurvey/1.8.1/	Patch
cve@mitre.org	http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/	Patch
cve@mitre.org	http://www.vupen.com/english/advisories/2008/2870
af854a3a-2127-422b-91ae-364da2661108	http://secunia.com/advisories/32369	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://typo3.org/extensions/repository/view/simplesurvey/1.8.1/	Patch
af854a3a-2127-422b-91ae-364da2661108	http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/	Patch
af854a3a-2127-422b-91ae-364da2661108	http://www.vupen.com/english/advisories/2008/2870

Impacted products

Vendor	Product	Version
typo3	typo3	*
typo3	simplesurvey	*
typo3	simplesurvey	1.0.0
typo3	simplesurvey	1.0.1
typo3	simplesurvey	1.0.2
typo3	simplesurvey	1.0.3
typo3	simplesurvey	1.0.4
typo3	simplesurvey	1.0.5
typo3	simplesurvey	1.1.0
typo3	simplesurvey	1.1.1
typo3	simplesurvey	1.2.1
typo3	simplesurvey	1.2.2
typo3	simplesurvey	1.2.3
typo3	simplesurvey	1.2.4
typo3	simplesurvey	1.2.5
typo3	simplesurvey	1.3.0
typo3	simplesurvey	1.3.1
typo3	simplesurvey	1.4.0
typo3	simplesurvey	1.5.0
typo3	simplesurvey	1.5.1
typo3	simplesurvey	1.5.2
typo3	simplesurvey	1.5.3
typo3	simplesurvey	1.5.4
typo3	simplesurvey	1.6.0

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:typo3:typo3:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "5F1C59B0-CDF2-4F9A-88C7-61E8F18590DB",
              "vulnerable": false
            }
          ],
          "negate": false,
          "operator": "OR"
        },
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4F242896-9360-4B38-87B5-C6A03FF73B3D",
              "versionEndIncluding": "1.7.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.0.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "BFE067F4-7FCE-44AF-8E38-0A9F4B094F73",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.0.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "E65DEE3B-33D3-442D-B9E8-36585F00357E",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.0.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "3BB4840E-BBED-4EAB-AA04-F3193F815735",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.0.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "484497FB-51D0-47B0-9405-242018F52227",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.0.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "8A74E26A-94CA-4C4F-A792-64A5730811BC",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.0.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "98C7822E-E935-4B51-8A41-8C99A09AA035",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.1.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "EC1145E3-04DC-4D7F-A9DE-C4ADE6587D77",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.1.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "9B2C8D35-7CAB-4A06-A467-1542FA794698",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.2.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "C2186BEA-84A8-4845-BE7B-5B689AA4F619",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.2.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "C851842A-E114-447A-89FE-F35442358A9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.2.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "19CB2DEB-A82F-4A02-97BA-5E4B1F65B3E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.2.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "9FF96F1B-16AE-4DB5-A228-B54935D69C34",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.2.5:*:*:*:*:*:*:*",
              "matchCriteriaId": "CBB5372C-1710-4668-8B49-4CB71C61EF9D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.3.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "E9F8083E-752F-43A3-9F71-F367C5A068C0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.3.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "02DE3588-4A36-494C-8AC7-D6A850AA7326",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.4.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "69740413-1D55-4A41-A8DB-C41F244BC586",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.5.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "FFF167AC-30F2-4E8E-97F6-9ACCF084879C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.5.1:*:*:*:*:*:*:*",
              "matchCriteriaId": "7F1C4862-BCB6-4A98-AFDD-929044FB469D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.5.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "117AF0F4-073D-42DD-8A2A-5BB9AA1C740F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.5.3:*:*:*:*:*:*:*",
              "matchCriteriaId": "08C7EB07-A982-48DC-BDC4-E077EB8E4EE4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.5.4:*:*:*:*:*:*:*",
              "matchCriteriaId": "60D3B378-1549-466B-831A-3DA955E78308",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:typo3:simplesurvey:1.6.0:*:*:*:*:*:*:*",
              "matchCriteriaId": "A602B7CA-8A9A-42E3-9F8B-11F9167EA8EF",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ],
      "operator": "AND"
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "SQL injection vulnerability in the Simple survey (simplesurvey) 1.7.0 and earlier extension for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors."
    },
    {
      "lang": "es",
      "value": "Vulnerabilidad de inyecci\u00f3n SQL en Simple survey (simplesurvey) 1.7.0 y versiones anteriores,  extensi\u00f3n para TYPO3, que permite a los atacantes remotos ejecutar arbitrariamente comandos SQL a trav\u00e9s de vectores no especificados."
    }
  ],
  "id": "CVE-2008-4655",
  "lastModified": "2025-04-09T00:30:58.490",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "HIGH",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 7.5,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": true,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2008-10-22T00:11:51.163",
  "references": [
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32369"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://typo3.org/extensions/repository/view/simplesurvey/1.8.1/"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Patch"
      ],
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.vupen.com/english/advisories/2008/2870"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://secunia.com/advisories/32369"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://typo3.org/extensions/repository/view/simplesurvey/1.8.1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "http://typo3.org/teams/security/security-bulletins/typo3-20081020-1/"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.vupen.com/english/advisories/2008/2870"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-89"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CVE-2008-4655 (GCVE-0-2008-4655)

Vulnerability from cvelistv5

Published

2008-10-21 22:00