Search criteria
9 vulnerabilities found for mrbs by mrbs
FKIE_CVE-2008-4620
Vulnerability from fkie_nvd - Published: 2008-10-21 01:18 - Updated: 2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| mrbs | mrbs | * | |
| mrbs | mrbs | 0.5 | |
| mrbs | mrbs | 0.6 | |
| mrbs | mrbs | 0.7 | |
| mrbs | mrbs | 0.8 | |
| mrbs | mrbs | 0.8 | |
| mrbs | mrbs | 0.8 | |
| mrbs | mrbs | 0.8 | |
| mrbs | mrbs | 0.8 | |
| mrbs | mrbs | 0.8 | |
| mrbs | mrbs | 0.8 | |
| mrbs | mrbs | 0.9 | |
| mrbs | mrbs | 0.9 | |
| mrbs | mrbs | 0.9.1 | |
| mrbs | mrbs | 0.9.2 | |
| mrbs | mrbs | 1.0 | |
| mrbs | mrbs | 1.0 | |
| mrbs | mrbs | 1.0 | |
| mrbs | mrbs | 1.1 | |
| mrbs | mrbs | 1.1 | |
| mrbs | mrbs | 1.1 | |
| mrbs | mrbs | 1.2 | |
| mrbs | mrbs | 1.2 | |
| mrbs | mrbs | 1.2 | |
| mrbs | mrbs | 1.2 | |
| mrbs | mrbs | 1.2.1 | |
| mrbs | mrbs | 1.2.2 | |
| mrbs | mrbs | 1.2.3 | |
| mrbs | mrbs | 1.2.4 | |
| mrbs | mrbs | 1.2.5 | |
| mrbs | mrbs | 1.2.6.1 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mrbs:mrbs:*:*:*:*:*:*:*:*",
"matchCriteriaId": "6E9662ED-8498-46F1-AA92-D9D2871472CF",
"versionEndIncluding": "1.2.6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:0.5:*:*:*:*:*:*:*",
"matchCriteriaId": "CFAE9473-63D8-4F62-9198-9047B414BC86",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:0.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F2B623EF-8577-4B8A-B4EE-5B3B54BE7F68",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:0.7:*:*:*:*:*:*:*",
"matchCriteriaId": "0DFDB3DE-E235-4D14-BE58-72EA88D4F36B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:0.8:*:*:*:*:*:*:*",
"matchCriteriaId": "47EADF68-66EC-4451-A725-AC736E3D57F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:0.8:pre1:*:*:*:*:*:*",
"matchCriteriaId": "EABFB18E-5D50-46FD-9797-2818640509F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:0.8:pre2:*:*:*:*:*:*",
"matchCriteriaId": "FD2A1F3C-28AC-43CD-B672-68609FE34C0B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:0.8:pre3:*:*:*:*:*:*",
"matchCriteriaId": "82FD3EBE-A1B5-443D-BB4E-85989574165C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:0.8:pre4:*:*:*:*:*:*",
"matchCriteriaId": "01FE74F5-DC8B-4DF1-B130-B9F629CEF451",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:0.8:pre5:*:*:*:*:*:*",
"matchCriteriaId": "B2593B07-1926-49B2-8861-F7506C272C26",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:0.8:pre6:*:*:*:*:*:*",
"matchCriteriaId": "3BB23E0D-8436-43DC-8AE2-C760E352EF9D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:0.9:pre-1:*:*:*:*:*:*",
"matchCriteriaId": "38C8F314-C158-4714-8886-03699E317173",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:0.9:pre-2:*:*:*:*:*:*",
"matchCriteriaId": "9718319C-CF5C-43C9-AF5C-7819600DBF6C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:0.9.1:*:*:*:*:*:*:*",
"matchCriteriaId": "CC316D35-0F8C-4E98-9C3F-30D0462E229F",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:0.9.2:*:*:*:*:*:*:*",
"matchCriteriaId": "14120CBC-22CC-4462-A020-835CBD572FE4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "33CB5148-E525-46E4-9DCF-0B7BCC61CCC1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:1.0:pre-1:*:*:*:*:*:*",
"matchCriteriaId": "0CA692E1-2377-47EF-A5CE-24C350BCB3E8",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:1.0:pre-2:*:*:*:*:*:*",
"matchCriteriaId": "D0EF1029-762B-4793-9795-D0B3EE717285",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:1.1:*:*:*:*:*:*:*",
"matchCriteriaId": "F92BF196-AF72-4536-887D-E473233E13D4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:1.1:pre-1:*:*:*:*:*:*",
"matchCriteriaId": "ABAB6F8F-1ECF-4BF9-A904-01D2B2E97AAD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:1.1:pre-2:*:*:*:*:*:*",
"matchCriteriaId": "EB3FE2ED-A057-4958-A1A5-9BB589D9CE14",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:1.2:*:*:*:*:*:*:*",
"matchCriteriaId": "F237A0F9-E806-4A28-8FAD-3738D0EA7191",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:1.2:pre-1:*:*:*:*:*:*",
"matchCriteriaId": "FC23C619-388D-44EA-9E03-51EA42C5838B",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:1.2:pre-2:*:*:*:*:*:*",
"matchCriteriaId": "2A9CD391-31EA-4F58-851D-EA0D9E2EF212",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:1.2:pre-3:*:*:*:*:*:*",
"matchCriteriaId": "8B775A8A-2C08-4A19-8FC6-7DEEC86827A9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "DE6366DF-9482-4E44-86C4-6681B82885EB",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "A8762E1D-5AB8-4B80-BF26-2EF21CF7A5E9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F6CA38-FC9C-4E94-8506-E2127CD9E324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:1.2.4:*:*:*:*:*:*:*",
"matchCriteriaId": "1BF4BB3F-BF2F-4876-9CB1-3500770FA7F2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "58A3759C-D905-4D4B-907F-6BF278F8413D",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:1.2.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "06C6E166-F679-4D75-92DE-6A4C4AA34EF5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php."
},
{
"lang": "es",
"value": "Vulnerabilidad de inyecci\u00f3n SQL en Meeting Room Booking System (MRBS) versiones anteriores a v1.4 permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n mediante el par\u00e1metro \"area\" en (1) month.php, y posiblemente en (2) day.php y (3) week.php."
}
],
"id": "CVE-2008-4620",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": true,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2008-10-21T01:18:01.960",
"references": [
{
"source": "cve@mitre.org",
"url": "http://securityreason.com/securityalert/4450"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/31809"
},
{
"source": "cve@mitre.org",
"url": "http://www.vupen.com/english/advisories/2008/2865"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45972"
},
{
"source": "cve@mitre.org",
"url": "https://www.exploit-db.com/exploits/6781"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://securityreason.com/securityalert/4450"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/31809"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.vupen.com/english/advisories/2008/2865"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45972"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.exploit-db.com/exploits/6781"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2008-3565
Vulnerability from fkie_nvd - Published: 2008-08-10 20:41 - Updated: 2025-04-09 00:30
Severity ?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mrbs:mrbs:1.2.6:*:*:*:*:*:*:*",
"matchCriteriaId": "C9F8AEEA-5769-481F-8134-0D18A989B1C5",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
},
{
"lang": "es",
"value": "M\u00faltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en Meeting Room Booking System (MRBS) 1.2.6, permiten a atacantes remotos inyectar web script o HTML de su elecci\u00f3n a trav\u00e9s del par\u00e1metro area a (1) day.php, (2) week.php, (3) month.php. NOTA: la procedencia de esta informaci\u00f3n es desconocida; los detalles han sido obtenidos solamente a partir de la informaci\u00f3n de terceros."
}
],
"id": "CVE-2008-3565",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
]
},
"published": "2008-08-10T20:41:00.000",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31355"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/30531"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/30531/exploit"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44188"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/31355"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://www.securityfocus.com/bid/30531"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/30531/exploit"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44188"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-79"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2007-6538
Vulnerability from fkie_nvd - Published: 2007-12-27 23:46 - Updated: 2025-04-09 00:30
Severity ?
Summary
SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:mrbs:mrbs:1.2.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E6F6CA38-FC9C-4E94-8506-E2127CD9E324",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:mrbs:mrbs:1.2.5:*:*:*:*:*:*:*",
"matchCriteriaId": "58A3759C-D905-4D4B-907F-6BF278F8413D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
},
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:moodle:moodle:*:*:*:*:*:*:*:*",
"matchCriteriaId": "9A17F6CB-1A34-4EC9-A8D4-F4BC5E00F3F2",
"vulnerable": false
}
],
"negate": false,
"operator": "OR"
}
],
"operator": "AND"
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter."
},
{
"lang": "es",
"value": "Una vulnerabilidad de inyecci\u00f3n SQL en el archivo ing/blocks/mrbs/code/web/view_entry.php en el plugin MRBS para Moodle, permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio del par\u00e1metro id."
}
],
"id": "CVE-2007-6538",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": true,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2007-12-27T23:46:00.000",
"references": [
{
"source": "cve@mitre.org",
"url": "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1\u0026r2=1.2"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/39619"
},
{
"source": "cve@mitre.org",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28198"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://securityreason.com/securityalert/3492"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/485434/100/0/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/485455/100/200/threaded"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/archive/1/485459/100/200/threaded"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26977"
},
{
"source": "cve@mitre.org",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39190"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1\u0026r2=1.2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://osvdb.org/39619"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/28198"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://securityreason.com/securityalert/3492"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485434/100/0/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485455/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/archive/1/485459/100/200/threaded"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit"
],
"url": "http://www.securityfocus.com/bid/26977"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39190"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-89"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2008-4620 (GCVE-0-2008-4620)
Vulnerability from cvelistv5 – Published: 2008-10-21 00:00 – Updated: 2024-08-07 10:24
VLAI?
Summary
SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2865",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2865"
},
{
"name": "4450",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4450"
},
{
"name": "mrbs-area-sql-injection(45972)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45972"
},
{
"name": "31809",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31809"
},
{
"name": "6781",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6781"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2865",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2865"
},
{
"name": "4450",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4450"
},
{
"name": "mrbs-area-sql-injection(45972)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45972"
},
{
"name": "31809",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31809"
},
{
"name": "6781",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6781"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2865",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2865"
},
{
"name": "4450",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4450"
},
{
"name": "mrbs-area-sql-injection(45972)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45972"
},
{
"name": "31809",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31809"
},
{
"name": "6781",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6781"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4620",
"datePublished": "2008-10-21T00:00:00",
"dateReserved": "2008-10-20T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3565 (GCVE-0-2008-3565)
Vulnerability from cvelistv5 – Published: 2008-08-10 20:00 – Updated: 2024-08-07 09:45
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:18.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30531/exploit"
},
{
"name": "mrbs-area-xss(44188)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44188"
},
{
"name": "30531",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30531"
},
{
"name": "31355",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31355"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/30531/exploit"
},
{
"name": "mrbs-area-xss(44188)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44188"
},
{
"name": "30531",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30531"
},
{
"name": "31355",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31355"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/30531/exploit",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/30531/exploit"
},
{
"name": "mrbs-area-xss(44188)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44188"
},
{
"name": "30531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30531"
},
{
"name": "31355",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31355"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3565",
"datePublished": "2008-08-10T20:00:00",
"dateReserved": "2008-08-10T00:00:00",
"dateUpdated": "2024-08-07T09:45:18.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6538 (GCVE-0-2007-6538)
Vulnerability from cvelistv5 – Published: 2007-12-27 23:00 – Updated: 2024-08-07 16:11
VLAI?
Summary
SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:06.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28198"
},
{
"name": "20071222 Re: Re: Moodle SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485459/100/200/threaded"
},
{
"name": "20071222 Re: Moodle SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485455/100/200/threaded"
},
{
"name": "3492",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3492"
},
{
"name": "39619",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39619"
},
{
"name": "moodle-viewentry-sql-injection(39190)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39190"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1\u0026r2=1.2"
},
{
"name": "20071221 Moodle SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485434/100/0/threaded"
},
{
"name": "26977",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28198"
},
{
"name": "20071222 Re: Re: Moodle SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485459/100/200/threaded"
},
{
"name": "20071222 Re: Moodle SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485455/100/200/threaded"
},
{
"name": "3492",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3492"
},
{
"name": "39619",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39619"
},
{
"name": "moodle-viewentry-sql-injection(39190)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39190"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1\u0026r2=1.2"
},
{
"name": "20071221 Moodle SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485434/100/0/threaded"
},
{
"name": "26977",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26977"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28198"
},
{
"name": "20071222 Re: Re: Moodle SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485459/100/200/threaded"
},
{
"name": "20071222 Re: Moodle SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485455/100/200/threaded"
},
{
"name": "3492",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3492"
},
{
"name": "39619",
"refsource": "OSVDB",
"url": "http://osvdb.org/39619"
},
{
"name": "moodle-viewentry-sql-injection(39190)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39190"
},
{
"name": "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1\u0026r2=1.2",
"refsource": "CONFIRM",
"url": "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1\u0026r2=1.2"
},
{
"name": "20071221 Moodle SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485434/100/0/threaded"
},
{
"name": "26977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26977"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6538",
"datePublished": "2007-12-27T23:00:00",
"dateReserved": "2007-12-27T00:00:00",
"dateUpdated": "2024-08-07T16:11:06.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-4620 (GCVE-0-2008-4620)
Vulnerability from nvd – Published: 2008-10-21 00:00 – Updated: 2024-08-07 10:24
VLAI?
Summary
SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T10:24:20.453Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "ADV-2008-2865",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2008/2865"
},
{
"name": "4450",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/4450"
},
{
"name": "mrbs-area-sql-injection(45972)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45972"
},
{
"name": "31809",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/31809"
},
{
"name": "6781",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/6781"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-10-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-09-28T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "ADV-2008-2865",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2008/2865"
},
{
"name": "4450",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/4450"
},
{
"name": "mrbs-area-sql-injection(45972)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45972"
},
{
"name": "31809",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/31809"
},
{
"name": "6781",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/6781"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-4620",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in Meeting Room Booking System (MRBS) before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to (1) month.php, and possibly (2) day.php and (3) week.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "ADV-2008-2865",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2008/2865"
},
{
"name": "4450",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/4450"
},
{
"name": "mrbs-area-sql-injection(45972)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/45972"
},
{
"name": "31809",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/31809"
},
{
"name": "6781",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/6781"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-4620",
"datePublished": "2008-10-21T00:00:00",
"dateReserved": "2008-10-20T00:00:00",
"dateUpdated": "2024-08-07T10:24:20.453Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2008-3565 (GCVE-0-2008-3565)
Vulnerability from nvd – Published: 2008-08-10 20:00 – Updated: 2024-08-07 09:45
VLAI?
Summary
Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T09:45:18.833Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30531/exploit"
},
{
"name": "mrbs-area-xss(44188)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44188"
},
{
"name": "30531",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/30531"
},
{
"name": "31355",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/31355"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2008-08-04T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2017-08-07T12:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.securityfocus.com/bid/30531/exploit"
},
{
"name": "mrbs-area-xss(44188)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44188"
},
{
"name": "30531",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/30531"
},
{
"name": "31355",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/31355"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2008-3565",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site scripting (XSS) vulnerabilities in Meeting Room Booking System (MRBS) 1.2.6 allow remote attackers to inject arbitrary web script or HTML via the area parameter to (1) day.php, (2) week.php, (3) month.php, (4) search.php, (5) report.php, and (6) help.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.securityfocus.com/bid/30531/exploit",
"refsource": "MISC",
"url": "http://www.securityfocus.com/bid/30531/exploit"
},
{
"name": "mrbs-area-xss(44188)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44188"
},
{
"name": "30531",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/30531"
},
{
"name": "31355",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/31355"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2008-3565",
"datePublished": "2008-08-10T20:00:00",
"dateReserved": "2008-08-10T00:00:00",
"dateUpdated": "2024-08-07T09:45:18.833Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2007-6538 (GCVE-0-2007-6538)
Vulnerability from nvd – Published: 2007-12-27 23:00 – Updated: 2024-08-07 16:11
VLAI?
Summary
SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||||||||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T16:11:06.049Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "28198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/28198"
},
{
"name": "20071222 Re: Re: Moodle SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485459/100/200/threaded"
},
{
"name": "20071222 Re: Moodle SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485455/100/200/threaded"
},
{
"name": "3492",
"tags": [
"third-party-advisory",
"x_refsource_SREASON",
"x_transferred"
],
"url": "http://securityreason.com/securityalert/3492"
},
{
"name": "39619",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/39619"
},
{
"name": "moodle-viewentry-sql-injection(39190)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39190"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1\u0026r2=1.2"
},
{
"name": "20071221 Moodle SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/485434/100/0/threaded"
},
{
"name": "26977",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/26977"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2007-12-21T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-15T20:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "28198",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/28198"
},
{
"name": "20071222 Re: Re: Moodle SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485459/100/200/threaded"
},
{
"name": "20071222 Re: Moodle SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485455/100/200/threaded"
},
{
"name": "3492",
"tags": [
"third-party-advisory",
"x_refsource_SREASON"
],
"url": "http://securityreason.com/securityalert/3492"
},
{
"name": "39619",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/39619"
},
{
"name": "moodle-viewentry-sql-injection(39190)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39190"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1\u0026r2=1.2"
},
{
"name": "20071221 Moodle SQL Injection",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/485434/100/0/threaded"
},
{
"name": "26977",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/26977"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6538",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in ing/blocks/mrbs/code/web/view_entry.php in the MRBS plugin for Moodle allows remote attackers to execute arbitrary SQL commands via the id parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "28198",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28198"
},
{
"name": "20071222 Re: Re: Moodle SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485459/100/200/threaded"
},
{
"name": "20071222 Re: Moodle SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485455/100/200/threaded"
},
{
"name": "3492",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3492"
},
{
"name": "39619",
"refsource": "OSVDB",
"url": "http://osvdb.org/39619"
},
{
"name": "moodle-viewentry-sql-injection(39190)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/39190"
},
{
"name": "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1\u0026r2=1.2",
"refsource": "CONFIRM",
"url": "http://cvs.moodle.org/contrib/plugins/blocks/mrbs/web/view_entry.php?r1=1.1\u0026r2=1.2"
},
{
"name": "20071221 Moodle SQL Injection",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/485434/100/0/threaded"
},
{
"name": "26977",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26977"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2007-6538",
"datePublished": "2007-12-27T23:00:00",
"dateReserved": "2007-12-27T00:00:00",
"dateUpdated": "2024-08-07T16:11:06.049Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}