Lucene search

[email protected]CVE-2009-0394

HistoryFeb 03, 2009 - 1:30 a.m.

CVE-2009-0394

2009-02-0301:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2009-0394

sql injection

ples cms 1.0 beta 4.2

nvd

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.1%

JSON

SQL injection vulnerability in login.php in Pre Lecture Exercises (PLEs) CMS 1.0 beta 4.2 allows remote attackers to execute arbitrary SQL commands via the school parameter.

Affected configurations

NVD

Node

ple_cmsple_cmsMatch1.0beta_4.2

CPENameOperatorVersion
ple_cms:ple_cmsple cmseq1.0

CPE	Name	Operator	Version
ple_cms:ple_cms	ple cms	eq	1.0

References

www.securityfocus.com/bid/33524

www.exploit-db.com/exploits/7917

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

30.1%

JSON

Related for CVE-2009-0394

prion1 nvd1 cvelist1