{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-06-14T09:06:17.896","vulnerabilities":[{"cve":{"id":"CVE-2008-3649","sourceIdentifier":"cve@mitre.org","published":"2008-08-13T00:41:00.000","lastModified":"2026-04-23T00:35:47.467","vulnStatus":"Modified","cveTags":[],"descriptions":[{"lang":"en","value":"SQL injection vulnerability in categorydetail.php in Article Friendly Standard allows remote attackers to execute arbitrary SQL commands via the Cat parameter."},{"lang":"es","value":"Vulnerabilidad de inyección SQL en categorydetail.php en Article Friendly Standard, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro \"Cat\"."}],"metrics":{"cvssMetricV2":[{"source":"nvd@nist.gov","type":"Primary","cvssData":{"version":"2.0","vectorString":"AV:N/AC:M/Au:N/C:P/I:P/A:P","baseScore":6.8,"accessVector":"NETWORK","accessComplexity":"MEDIUM","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL"},"baseSeverity":"MEDIUM","exploitabilityScore":8.6,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}]},"weaknesses":[{"source":"nvd@nist.gov","type":"Primary","description":[{"lang":"en","value":"CWE-89"}]}],"configurations":[{"nodes":[{"operator":"OR","negate":false,"cpeMatch":[{"vulnerable":true,"criteria":"cpe:2.3:a:articlefriendly:article_friendly:*:*:standard:*:*:*:*:*","matchCriteriaId":"FB08BE69-564F-4448-9090-0077B577FD22"}]}]}],"references":[{"url":"http://secunia.com/advisories/31292","source":"cve@mitre.org","tags":["Vendor Advisory"]},{"url":"http://securityreason.com/securityalert/4149","source":"cve@mitre.org"},{"url":"http://www.securityfocus.com/bid/30453","source":"cve@mitre.org"},{"url":"http://www.vupen.com/english/advisories/2008/2254","source":"cve@mitre.org"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44121","source":"cve@mitre.org"},{"url":"https://www.exploit-db.com/exploits/6167","source":"cve@mitre.org"},{"url":"http://secunia.com/advisories/31292","source":"af854a3a-2127-422b-91ae-364da2661108","tags":["Vendor Advisory"]},{"url":"http://securityreason.com/securityalert/4149","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.securityfocus.com/bid/30453","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"http://www.vupen.com/english/advisories/2008/2254","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://exchange.xforce.ibmcloud.com/vulnerabilities/44121","source":"af854a3a-2127-422b-91ae-364da2661108"},{"url":"https://www.exploit-db.com/exploits/6167","source":"af854a3a-2127-422b-91ae-364da2661108"}],"evaluatorImpact":"Regarding Access Complexity:\r\n\r\nhttp://secunia.com/advisories/31292:\r\n\r\n\"Input passed to the \"autid\" parameter in authordetail.php and to the \"Cat\" parameter in categorydetail.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.\r\n\r\nSuccessful exploitation requires that \"magic_quotes_gpc\" is disabled.\""}}]}