CVE-2008-6020 : Detail

CVE-2008-6020

SQL Injection
A03-Injection
0.52%V3
Network
2009-02-02
20h29 +00:00
2017-08-07
10h57 +00:00
Notifications for a CVE
Stay informed of any changes for a specific CVE.
Notifications manage

CVE Descriptions

SQL injection vulnerability in the Views module 6.x before 6.x-2.2 for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "an exposed filter on CCK text fields."

CVE Informations

Related Weaknesses

CWE-ID Weakness Name Source
CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
The product constructs all or part of an SQL command using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the intended SQL command when it is sent to a downstream component. Without sufficient removal or quoting of SQL syntax in user-controllable inputs, the generated SQL query can cause those inputs to be interpreted as SQL instead of ordinary user data.

Metrics

Metrics Score Severity CVSS Vector Source
V2 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.
EPSS V0
EPSS V1
EPSS V2
EPSS V3
1.411.411.211.211.011.010.820.820.620.620.420.421.41%1.41%1.41%1.41%1.41%0.42%0.42%0.42%0.46%0.46%0.46%0.48%0.52%Jul '22Jul '2220232023Jul '23Jul '2320242024Jul '24Jul '2420252025
Download SVG
Download PNG
Download CSV

EPSS Percentile

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.
848477777070636356564949424250%51%71%72%73%73%71%72%75%75%76%76%77%Jul '22Jul '2220232023Jul '23Jul '2320242024Jul '24Jul '2420252025
Download SVG
Download PNG
Download CSV

Products Mentioned

Configuraton 0

Drupal>>Views >> Version To (including) 6.x-2.1

    Drupal>>Views >> Version 6.x-2.0

      Drupal>>Drupal >> Version *

      References

      http://drupal.org/node/348321
      Tags : x_refsource_CONFIRM
      http://www.securityfocus.com/bid/32895
      Tags : vdb-entry, x_refsource_BID
      http://secunia.com/advisories/33225
      Tags : third-party-advisory, x_refsource_SECUNIA
      http://osvdb.org/50795
      Tags : vdb-entry, x_refsource_OSVDB
      http://secunia.com/advisories/33289
      Tags : third-party-advisory, x_refsource_SECUNIA
      http://drupal.org/node/347831
      Tags : x_refsource_CONFIRM