Vulnerabilites related to mrbs - mrbs
cve-2008-3565
Vulnerability from cvelistv5
Published
2008-08-10 20:00
Modified
2024-08-07 09:45
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
http://www.securityfocus.com/bid/30531/exploitx_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/44188vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/30531vdb-entry, x_refsource_BID
http://secunia.com/advisories/31355third-party-advisory, x_refsource_SECUNIA
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T09:45:18.833Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  tags: [
                     "x_refsource_MISC",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/30531/exploit",
               },
               {
                  name: "mrbs-area-xss(44188)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44188",
               },
               {
                  name: "30531",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/30531",
               },
               {
                  name: "31355",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/31355",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-08-04T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-08-07T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               tags: [
                  "x_refsource_MISC",
               ],
               url: "http://www.securityfocus.com/bid/30531/exploit",
            },
            {
               name: "mrbs-area-xss(44188)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44188",
            },
            {
               name: "30531",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/30531",
            },
            {
               name: "31355",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/31355",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2008-3565",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "http://www.securityfocus.com/bid/30531/exploit",
                     refsource: "MISC",
                     url: "http://www.securityfocus.com/bid/30531/exploit",
                  },
                  {
                     name: "mrbs-area-xss(44188)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44188",
                  },
                  {
                     name: "30531",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/30531",
                  },
                  {
                     name: "31355",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/31355",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2008-3565",
      datePublished: "2008-08-10T20:00:00",
      dateReserved: "2008-08-10T00:00:00",
      dateUpdated: "2024-08-07T09:45:18.833Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2008-4620
Vulnerability from cvelistv5
Published
2008-10-21 00:00
Modified
2024-08-07 10:24
Severity ?
Summary
SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.
References
http://www.vupen.com/english/advisories/2008/2865vdb-entry, x_refsource_VUPEN
http://securityreason.com/securityalert/4450third-party-advisory, x_refsource_SREASON
https://exchange.xforce.ibmcloud.com/vulnerabilities/45972vdb-entry, x_refsource_XF
http://www.securityfocus.com/bid/31809vdb-entry, x_refsource_BID
https://www.exploit-db.com/exploits/6781exploit, x_refsource_EXPLOIT-DB
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T10:24:20.453Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "ADV-2008-2865",
                  tags: [
                     "vdb-entry",
                     "x_refsource_VUPEN",
                     "x_transferred",
                  ],
                  url: "http://www.vupen.com/english/advisories/2008/2865",
               },
               {
                  name: "4450",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SREASON",
                     "x_transferred",
                  ],
                  url: "http://securityreason.com/securityalert/4450",
               },
               {
                  name: "mrbs-area-sql-injection(45972)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45972",
               },
               {
                  name: "31809",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/31809",
               },
               {
                  name: "6781",
                  tags: [
                     "exploit",
                     "x_refsource_EXPLOIT-DB",
                     "x_transferred",
                  ],
                  url: "https://www.exploit-db.com/exploits/6781",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2008-10-18T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2017-09-28T12:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "ADV-2008-2865",
               tags: [
                  "vdb-entry",
                  "x_refsource_VUPEN",
               ],
               url: "http://www.vupen.com/english/advisories/2008/2865",
            },
            {
               name: "4450",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SREASON",
               ],
               url: "http://securityreason.com/securityalert/4450",
            },
            {
               name: "mrbs-area-sql-injection(45972)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45972",
            },
            {
               name: "31809",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/31809",
            },
            {
               name: "6781",
               tags: [
                  "exploit",
                  "x_refsource_EXPLOIT-DB",
               ],
               url: "https://www.exploit-db.com/exploits/6781",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2008-4620",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "ADV-2008-2865",
                     refsource: "VUPEN",
                     url: "http://www.vupen.com/english/advisories/2008/2865",
                  },
                  {
                     name: "4450",
                     refsource: "SREASON",
                     url: "http://securityreason.com/securityalert/4450",
                  },
                  {
                     name: "mrbs-area-sql-injection(45972)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45972",
                  },
                  {
                     name: "31809",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/31809",
                  },
                  {
                     name: "6781",
                     refsource: "EXPLOIT-DB",
                     url: "https://www.exploit-db.com/exploits/6781",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2008-4620",
      datePublished: "2008-10-21T00:00:00",
      dateReserved: "2008-10-20T00:00:00",
      dateUpdated: "2024-08-07T10:24:20.453Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

cve-2007-6538
Vulnerability from cvelistv5
Published
2007-12-27 23:00
Modified
2024-08-07 16:11
Severity ?
Summary
SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.
References
Impacted products
Vendor Product Version
n/a n/a Version: n/a
Show details on NVD website


{
   containers: {
      adp: [
         {
            providerMetadata: {
               dateUpdated: "2024-08-07T16:11:06.049Z",
               orgId: "af854a3a-2127-422b-91ae-364da2661108",
               shortName: "CVE",
            },
            references: [
               {
                  name: "28198",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SECUNIA",
                     "x_transferred",
                  ],
                  url: "http://secunia.com/advisories/28198",
               },
               {
                  name: "20071222 Re: Re: Moodle SQL Injection",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/485459/100/200/threaded",
               },
               {
                  name: "20071222 Re: Moodle SQL Injection",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/485455/100/200/threaded",
               },
               {
                  name: "3492",
                  tags: [
                     "third-party-advisory",
                     "x_refsource_SREASON",
                     "x_transferred",
                  ],
                  url: "http://securityreason.com/securityalert/3492",
               },
               {
                  name: "39619",
                  tags: [
                     "vdb-entry",
                     "x_refsource_OSVDB",
                     "x_transferred",
                  ],
                  url: "http://osvdb.org/39619",
               },
               {
                  name: "moodle-viewentry-sql-injection(39190)",
                  tags: [
                     "vdb-entry",
                     "x_refsource_XF",
                     "x_transferred",
                  ],
                  url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39190",
               },
               {
                  tags: [
                     "x_refsource_CONFIRM",
                     "x_transferred",
                  ],
                  url: "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1&r2=1.2",
               },
               {
                  name: "20071221 Moodle SQL Injection",
                  tags: [
                     "mailing-list",
                     "x_refsource_BUGTRAQ",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/archive/1/485434/100/0/threaded",
               },
               {
                  name: "26977",
                  tags: [
                     "vdb-entry",
                     "x_refsource_BID",
                     "x_transferred",
                  ],
                  url: "http://www.securityfocus.com/bid/26977",
               },
            ],
            title: "CVE Program Container",
         },
      ],
      cna: {
         affected: [
            {
               product: "n/a",
               vendor: "n/a",
               versions: [
                  {
                     status: "affected",
                     version: "n/a",
                  },
               ],
            },
         ],
         datePublic: "2007-12-21T00:00:00",
         descriptions: [
            {
               lang: "en",
               value: "SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.",
            },
         ],
         problemTypes: [
            {
               descriptions: [
                  {
                     description: "n/a",
                     lang: "en",
                     type: "text",
                  },
               ],
            },
         ],
         providerMetadata: {
            dateUpdated: "2018-10-15T20:57:01",
            orgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
            shortName: "mitre",
         },
         references: [
            {
               name: "28198",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SECUNIA",
               ],
               url: "http://secunia.com/advisories/28198",
            },
            {
               name: "20071222 Re: Re: Moodle SQL Injection",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/485459/100/200/threaded",
            },
            {
               name: "20071222 Re: Moodle SQL Injection",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/485455/100/200/threaded",
            },
            {
               name: "3492",
               tags: [
                  "third-party-advisory",
                  "x_refsource_SREASON",
               ],
               url: "http://securityreason.com/securityalert/3492",
            },
            {
               name: "39619",
               tags: [
                  "vdb-entry",
                  "x_refsource_OSVDB",
               ],
               url: "http://osvdb.org/39619",
            },
            {
               name: "moodle-viewentry-sql-injection(39190)",
               tags: [
                  "vdb-entry",
                  "x_refsource_XF",
               ],
               url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39190",
            },
            {
               tags: [
                  "x_refsource_CONFIRM",
               ],
               url: "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1&r2=1.2",
            },
            {
               name: "20071221 Moodle SQL Injection",
               tags: [
                  "mailing-list",
                  "x_refsource_BUGTRAQ",
               ],
               url: "http://www.securityfocus.com/archive/1/485434/100/0/threaded",
            },
            {
               name: "26977",
               tags: [
                  "vdb-entry",
                  "x_refsource_BID",
               ],
               url: "http://www.securityfocus.com/bid/26977",
            },
         ],
         x_legacyV4Record: {
            CVE_data_meta: {
               ASSIGNER: "cve@mitre.org",
               ID: "CVE-2007-6538",
               STATE: "PUBLIC",
            },
            affects: {
               vendor: {
                  vendor_data: [
                     {
                        product: {
                           product_data: [
                              {
                                 product_name: "n/a",
                                 version: {
                                    version_data: [
                                       {
                                          version_value: "n/a",
                                       },
                                    ],
                                 },
                              },
                           ],
                        },
                        vendor_name: "n/a",
                     },
                  ],
               },
            },
            data_format: "MITRE",
            data_type: "CVE",
            data_version: "4.0",
            description: {
               description_data: [
                  {
                     lang: "eng",
                     value: "SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.",
                  },
               ],
            },
            problemtype: {
               problemtype_data: [
                  {
                     description: [
                        {
                           lang: "eng",
                           value: "n/a",
                        },
                     ],
                  },
               ],
            },
            references: {
               reference_data: [
                  {
                     name: "28198",
                     refsource: "SECUNIA",
                     url: "http://secunia.com/advisories/28198",
                  },
                  {
                     name: "20071222 Re: Re: Moodle SQL Injection",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/485459/100/200/threaded",
                  },
                  {
                     name: "20071222 Re: Moodle SQL Injection",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/485455/100/200/threaded",
                  },
                  {
                     name: "3492",
                     refsource: "SREASON",
                     url: "http://securityreason.com/securityalert/3492",
                  },
                  {
                     name: "39619",
                     refsource: "OSVDB",
                     url: "http://osvdb.org/39619",
                  },
                  {
                     name: "moodle-viewentry-sql-injection(39190)",
                     refsource: "XF",
                     url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39190",
                  },
                  {
                     name: "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1&r2=1.2",
                     refsource: "CONFIRM",
                     url: "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1&r2=1.2",
                  },
                  {
                     name: "20071221 Moodle SQL Injection",
                     refsource: "BUGTRAQ",
                     url: "http://www.securityfocus.com/archive/1/485434/100/0/threaded",
                  },
                  {
                     name: "26977",
                     refsource: "BID",
                     url: "http://www.securityfocus.com/bid/26977",
                  },
               ],
            },
         },
      },
   },
   cveMetadata: {
      assignerOrgId: "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
      assignerShortName: "mitre",
      cveId: "CVE-2007-6538",
      datePublished: "2007-12-27T23:00:00",
      dateReserved: "2007-12-27T00:00:00",
      dateUpdated: "2024-08-07T16:11:06.049Z",
      state: "PUBLISHED",
   },
   dataType: "CVE_RECORD",
   dataVersion: "5.1",
}

Vulnerability from fkie_nvd
Published
2007-12-27 23:46
Modified
2024-11-21 00:40
Severity ?
Summary
SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.
Impacted products
Vendor Product Version
mrbs mrbs 1.2.3
mrbs mrbs 1.2.5
moodle moodle *



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:1.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6F6CA38-FC9C-4E94-8506-E2127CD9E324",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:1.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "58A3759C-D905-4D4B-907F-6BF278F8413D",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "9A17F6CB-1A34-4EC9-A8D4-F4BC5E00F3F2",
                     vulnerable: false,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
         operator: "AND",
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.",
      },
      {
         lang: "es",
         value: "Una vulnerabilidad de inyección SQL en el archivo ing/blocks/mrbs/code/web/view_entry.php en el plugin MRBS para Moodle, permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio del parámetro id.",
      },
   ],
   id: "CVE-2007-6538",
   lastModified: "2024-11-21T00:40:23.643",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: true,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2007-12-27T23:46:00.000",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1&r2=1.2",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://osvdb.org/39619",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/28198",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://securityreason.com/securityalert/3492",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/485434/100/0/threaded",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/485455/100/200/threaded",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/archive/1/485459/100/200/threaded",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/26977",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39190",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1&r2=1.2",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://osvdb.org/39619",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/28198",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://securityreason.com/securityalert/3492",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/485434/100/0/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/485455/100/200/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/archive/1/485459/100/200/threaded",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/26977",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/39190",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-10-21 01:18
Modified
2024-11-21 00:52
Severity ?
Summary
SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.
Impacted products
Vendor Product Version
mrbs mrbs *
mrbs mrbs 0.5
mrbs mrbs 0.6
mrbs mrbs 0.7
mrbs mrbs 0.8
mrbs mrbs 0.8
mrbs mrbs 0.8
mrbs mrbs 0.8
mrbs mrbs 0.8
mrbs mrbs 0.8
mrbs mrbs 0.8
mrbs mrbs 0.9
mrbs mrbs 0.9
mrbs mrbs 0.9.1
mrbs mrbs 0.9.2
mrbs mrbs 1.0
mrbs mrbs 1.0
mrbs mrbs 1.0
mrbs mrbs 1.1
mrbs mrbs 1.1
mrbs mrbs 1.1
mrbs mrbs 1.2
mrbs mrbs 1.2
mrbs mrbs 1.2
mrbs mrbs 1.2
mrbs mrbs 1.2.1
mrbs mrbs 1.2.2
mrbs mrbs 1.2.3
mrbs mrbs 1.2.4
mrbs mrbs 1.2.5
mrbs mrbs 1.2.6.1



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:*:*:*:*:*:*:*:*",
                     matchCriteriaId: "6E9662ED-8498-46F1-AA92-D9D2871472CF",
                     versionEndIncluding: "1.2.6",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:0.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "CFAE9473-63D8-4F62-9198-9047B414BC86",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:0.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "F2B623EF-8577-4B8A-B4EE-5B3B54BE7F68",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:0.7:*:*:*:*:*:*:*",
                     matchCriteriaId: "0DFDB3DE-E235-4D14-BE58-72EA88D4F36B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:0.8:*:*:*:*:*:*:*",
                     matchCriteriaId: "47EADF68-66EC-4451-A725-AC736E3D57F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:0.8:pre1:*:*:*:*:*:*",
                     matchCriteriaId: "EABFB18E-5D50-46FD-9797-2818640509F4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:0.8:pre2:*:*:*:*:*:*",
                     matchCriteriaId: "FD2A1F3C-28AC-43CD-B672-68609FE34C0B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:0.8:pre3:*:*:*:*:*:*",
                     matchCriteriaId: "82FD3EBE-A1B5-443D-BB4E-85989574165C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:0.8:pre4:*:*:*:*:*:*",
                     matchCriteriaId: "01FE74F5-DC8B-4DF1-B130-B9F629CEF451",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:0.8:pre5:*:*:*:*:*:*",
                     matchCriteriaId: "B2593B07-1926-49B2-8861-F7506C272C26",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:0.8:pre6:*:*:*:*:*:*",
                     matchCriteriaId: "3BB23E0D-8436-43DC-8AE2-C760E352EF9D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:0.9:pre-1:*:*:*:*:*:*",
                     matchCriteriaId: "38C8F314-C158-4714-8886-03699E317173",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:0.9:pre-2:*:*:*:*:*:*",
                     matchCriteriaId: "9718319C-CF5C-43C9-AF5C-7819600DBF6C",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:0.9.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "CC316D35-0F8C-4E98-9C3F-30D0462E229F",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:0.9.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "14120CBC-22CC-4462-A020-835CBD572FE4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:1.0:*:*:*:*:*:*:*",
                     matchCriteriaId: "33CB5148-E525-46E4-9DCF-0B7BCC61CCC1",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:1.0:pre-1:*:*:*:*:*:*",
                     matchCriteriaId: "0CA692E1-2377-47EF-A5CE-24C350BCB3E8",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:1.0:pre-2:*:*:*:*:*:*",
                     matchCriteriaId: "D0EF1029-762B-4793-9795-D0B3EE717285",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:1.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "F92BF196-AF72-4536-887D-E473233E13D4",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:1.1:pre-1:*:*:*:*:*:*",
                     matchCriteriaId: "ABAB6F8F-1ECF-4BF9-A904-01D2B2E97AAD",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:1.1:pre-2:*:*:*:*:*:*",
                     matchCriteriaId: "EB3FE2ED-A057-4958-A1A5-9BB589D9CE14",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:1.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "F237A0F9-E806-4A28-8FAD-3738D0EA7191",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:1.2:pre-1:*:*:*:*:*:*",
                     matchCriteriaId: "FC23C619-388D-44EA-9E03-51EA42C5838B",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:1.2:pre-2:*:*:*:*:*:*",
                     matchCriteriaId: "2A9CD391-31EA-4F58-851D-EA0D9E2EF212",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:1.2:pre-3:*:*:*:*:*:*",
                     matchCriteriaId: "8B775A8A-2C08-4A19-8FC6-7DEEC86827A9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:1.2.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "DE6366DF-9482-4E44-86C4-6681B82885EB",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:1.2.2:*:*:*:*:*:*:*",
                     matchCriteriaId: "A8762E1D-5AB8-4B80-BF26-2EF21CF7A5E9",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:1.2.3:*:*:*:*:*:*:*",
                     matchCriteriaId: "E6F6CA38-FC9C-4E94-8506-E2127CD9E324",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:1.2.4:*:*:*:*:*:*:*",
                     matchCriteriaId: "1BF4BB3F-BF2F-4876-9CB1-3500770FA7F2",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:1.2.5:*:*:*:*:*:*:*",
                     matchCriteriaId: "58A3759C-D905-4D4B-907F-6BF278F8413D",
                     vulnerable: true,
                  },
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:1.2.6.1:*:*:*:*:*:*:*",
                     matchCriteriaId: "06C6E166-F679-4D75-92DE-6A4C4AA34EF5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.",
      },
      {
         lang: "es",
         value: "Vulnerabilidad de inyección SQL en Meeting Room Booking System (MRBS) versiones anteriores a v1.4 permite a atacantes remotos ejecutar comandos SQL de su elección mediante el parámetro \"area\" en (1) month.php, y posiblemente en (2) day.php y (3) week.php.",
      },
   ],
   id: "CVE-2008-4620",
   lastModified: "2024-11-21T00:52:07.447",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "HIGH",
            cvssData: {
               accessComplexity: "LOW",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "PARTIAL",
               baseScore: 7.5,
               confidentialityImpact: "PARTIAL",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:L/Au:N/C:P/I:P/A:P",
               version: "2.0",
            },
            exploitabilityScore: 10,
            impactScore: 6.4,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: true,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: false,
         },
      ],
   },
   published: "2008-10-21T01:18:01.960",
   references: [
      {
         source: "cve@mitre.org",
         url: "http://securityreason.com/securityalert/4450",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.securityfocus.com/bid/31809",
      },
      {
         source: "cve@mitre.org",
         url: "http://www.vupen.com/english/advisories/2008/2865",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45972",
      },
      {
         source: "cve@mitre.org",
         url: "https://www.exploit-db.com/exploits/6781",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://securityreason.com/securityalert/4450",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.securityfocus.com/bid/31809",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "http://www.vupen.com/english/advisories/2008/2865",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/45972",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://www.exploit-db.com/exploits/6781",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-89",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}

Vulnerability from fkie_nvd
Published
2008-08-10 20:41
Modified
2024-11-21 00:49
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Impacted products
Vendor Product Version
mrbs mrbs 1.2.6



{
   configurations: [
      {
         nodes: [
            {
               cpeMatch: [
                  {
                     criteria: "cpe:2.3:a:mrbs:mrbs:1.2.6:*:*:*:*:*:*:*",
                     matchCriteriaId: "C9F8AEEA-5769-481F-8134-0D18A989B1C5",
                     vulnerable: true,
                  },
               ],
               negate: false,
               operator: "OR",
            },
         ],
      },
   ],
   cveTags: [],
   descriptions: [
      {
         lang: "en",
         value: "Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php.  NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.",
      },
      {
         lang: "es",
         value: "Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Meeting Room Booking System (MRBS) 1.2.6, permiten a atacantes remotos inyectar web script o HTML de su elección a través del parámetro area a (1) day.php, (2) week.php, (3) month.php. NOTA: la procedencia de esta información es desconocida; los detalles han sido obtenidos solamente a partir de la información de terceros.",
      },
   ],
   id: "CVE-2008-3565",
   lastModified: "2024-11-21T00:49:33.440",
   metrics: {
      cvssMetricV2: [
         {
            acInsufInfo: false,
            baseSeverity: "MEDIUM",
            cvssData: {
               accessComplexity: "MEDIUM",
               accessVector: "NETWORK",
               authentication: "NONE",
               availabilityImpact: "NONE",
               baseScore: 4.3,
               confidentialityImpact: "NONE",
               integrityImpact: "PARTIAL",
               vectorString: "AV:N/AC:M/Au:N/C:N/I:P/A:N",
               version: "2.0",
            },
            exploitabilityScore: 8.6,
            impactScore: 2.9,
            obtainAllPrivilege: false,
            obtainOtherPrivilege: false,
            obtainUserPrivilege: false,
            source: "nvd@nist.gov",
            type: "Primary",
            userInteractionRequired: true,
         },
      ],
   },
   published: "2008-08-10T20:41:00.000",
   references: [
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/31355",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/30531",
      },
      {
         source: "cve@mitre.org",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/30531/exploit",
      },
      {
         source: "cve@mitre.org",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44188",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://secunia.com/advisories/31355",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Vendor Advisory",
         ],
         url: "http://www.securityfocus.com/bid/30531",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         tags: [
            "Exploit",
         ],
         url: "http://www.securityfocus.com/bid/30531/exploit",
      },
      {
         source: "af854a3a-2127-422b-91ae-364da2661108",
         url: "https://exchange.xforce.ibmcloud.com/vulnerabilities/44188",
      },
   ],
   sourceIdentifier: "cve@mitre.org",
   vulnStatus: "Modified",
   weaknesses: [
      {
         description: [
            {
               lang: "en",
               value: "CWE-79",
            },
         ],
         source: "nvd@nist.gov",
         type: "Primary",
      },
   ],
}