CVE-2008-2411 - Vulnerability Details - OpenCVE

SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a details action.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

The EPSS score is 0.00935.

Key SSVC decision points have not yet been added.

Vendors	Products
Sazcart	Sazcart

Configuration 1 [-]

OR	cpe:2.3:a:sazcart:sazcart::::::::
	cpe:2.3:a:sazcart:sazcart:1.3:::::::*
	cpe:2.3:a:sazcart:sazcart:1.4:::::::*

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2008-2406	SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a details action.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
http://secunia.com/advisories/30148
http://securityreason.com/securityalert/3900
http://www.securityfocus.com/archive/1/491892/100/0/threaded
http://www.securityfocus.com/bid/29129
https://exchange.xforce.ibmcloud.com/vulnerabilities/42542
https://www.exploit-db.com/exploits/5576

History

Sat, 12 Jul 2025 13:45:00 +0000

Type	Values Removed	Values Added
Metrics	epss `{'score': 0.0047}`	epss `{'score': 0.00935}`

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-05-22T10:00:00

Updated: 2024-08-07T08:58:02.594Z

Reserved: 2008-05-22T00:00:00

Link: CVE-2008-2411

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-05-22T13:09:00.000

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-2411

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-05-09T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a details action."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "29129", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29129"}, {"name": "sazcart-prodid-sql-injection(42542)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42542"}, {"name": "20080509 SazCart <= 1.5.1 (prodid) Remote SQL Injection Exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/491892/100/0/threaded"}, {"name": "3900", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3900"}, {"name": "30148", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30148"}, {"name": "5576", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/5576"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2411", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a details action."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "29129", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29129"}, {"name": "sazcart-prodid-sql-injection(42542)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42542"}, {"name": "20080509 SazCart <= 1.5.1 (prodid) Remote SQL Injection Exploit", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/491892/100/0/threaded"}, {"name": "3900", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3900"}, {"name": "30148", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30148"}, {"name": "5576", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/5576"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:58:02.594Z"}, "title": "CVE Program Container", "references": [{"name": "29129", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29129"}, {"name": "sazcart-prodid-sql-injection(42542)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42542"}, {"name": "20080509 SazCart <= 1.5.1 (prodid) Remote SQL Injection Exploit", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/491892/100/0/threaded"}, {"name": "3900", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3900"}, {"name": "30148", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30148"}, {"name": "5576", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/5576"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2411", "datePublished": "2008-05-22T10:00:00", "dateReserved": "2008-05-22T00:00:00", "dateUpdated": "2024-08-07T08:58:02.594Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:sazcart:sazcart:*:*:*:*:*:*:*:*", "matchCriteriaId": "FB9632BA-4BF3-4C59-922B-9D05C9EC0AAB", "versionEndIncluding": "1.5", "vulnerable": true}, {"criteria": "cpe:2.3:a:sazcart:sazcart:1.3:*:*:*:*:*:*:*", "matchCriteriaId": "C2B5C064-80C1-4295-B949-75EC26FF93E4", "vulnerable": true}, {"criteria": "cpe:2.3:a:sazcart:sazcart:1.4:*:*:*:*:*:*:*", "matchCriteriaId": "C370D171-8E54-4A7D-B512-0623D9FE767F", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in index.php in SazCart 1.5.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the prodid parameter in a details action."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en index.php en SazCart 1.5.1 y anteriores, cuando est\u00e1n las magic_quotes desactivadas, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro prodid en una acci\u00f3n de detalle."}], "id": "CVE-2008-2411", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-05-22T13:09:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30148"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3900"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/491892/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29129"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42542"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/5576"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30148"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securityreason.com/securityalert/3900"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/491892/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29129"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42542"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/5576"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}