CyberSec.Space Logo
CVEブラウザに戻る

CVE-2008-6525

HIGH
7.5
CVSS Severity Score
EPSS Score0.1290%
EPSS Percentile24.33th
Published2009年3月25日
Last Modified2026年4月23日

Vulnerability Description

SQL injection vulnerability in the Admin Panel in Nice PHP FAQ Script (Knowledge base Script) allows remote attackers to execute arbitrary SQL commands via the Password parameter (aka the pass field).

Affected Platforms (CPE)

📦
Nicephpscripts

Nice Php Faq Script

All versions

References & Advisories

🔗 http://www.securityfocus.com/bid/32150
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/46402
🔗 https://www.exploit-db.com/exploits/7018
🔗 http://www.securityfocus.com/bid/32150
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/46402
🔗 https://www.exploit-db.com/exploits/7018

関連する脆弱性情報

CVE-2017-159889.8

Nice PHP FAQ Script allows SQL Injection via the index.php nice_theme parameter, a different vulnerability than CVE-2008-6525.

CVE-2008-535310.0

The Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 16 and earlier; and SDK and...

CVE-2008-665110.0

Static code injection vulnerability in edithistory.php in OxYProject OxYBox 0.85 allows remote attackers to inject arbitrary PHP c...

CVE-2008-535510.0

The "Java Update" feature for Java Runtime Environment (JRE) for Sun JDK and JRE 6 Update 10 and earlier; JDK and JRE 5.0 Update 1...