Lucene search
HistoryFeb 05, 2009 - 12:30 a.m.
CVE-2009-0429
cve-2009-0429
sql injection
active bids
remote attack
security vulnerability
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.8 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
30.1%
Multiple SQL injection vulnerabilities in Active Bids allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to search.asp, (2) SortDir parameter to auctionsended.asp, and the (3) catid parameter to wishlist.php.
Affected configurations
Node
activewebsoftwaresactive_bids
| CPE | Name | Operator | Version |
|---|---|---|---|
| activewebsoftwares:active_bids | activewebsoftwares active bids | eq | * |
Related
nvd
nvd
CVE-2009-0429
2009-02-05 00:30:00
CVE-2009-4229
2009-12-08 19:30:00
prion
prion
Sql injection
2009-02-05 00:30:00
Sql injection
2009-12-08 19:30:00
cvelist
cvelist
CVE-2009-0429
2009-02-05 00:00:00
CVE-2009-4229
2009-12-08 19:00:00
cve
cve
CVE-2009-4229
2009-12-08 19:30:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.8 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
30.1%
Related for CVE-2009-0429