Lucene search

[email protected]CVE-2009-0646

HistoryFeb 18, 2009 - 11:30 p.m.

CVE-2009-0646

2009-02-1823:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2009-0646

sql injection

4site cms 2.6

nvd

security vulnerability

remote attack

9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.2%

JSON

Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to portfolio/index.shtml, (6) h parameter to hotel/index.php, (7) id parameter to news/news1.shtml, and the (8) th parameter to faq/index.shtml.

CPENameOperatorVersion
4site:4site_cms4site 4site cmsle2.6

CPE	Name	Operator	Version
4site:4site_cms	4site 4site cms	le	2.6

References

secunia.com/advisories/33733

wsec.ru/wsec-09-002-4site-cms-26-multiple-sql-injections/

www.htbridge.ch/advisory/sql_injection_in_4site_cms.html

www.osvdb.org/51806

www.osvdb.org/51807

www.osvdb.org/51808

www.osvdb.org/51809

www.securityfocus.com/archive/1/514376/100/0/threaded

www.securityfocus.com/bid/33594

exchange.xforce.ibmcloud.com/vulnerabilities/48483

exchange.xforce.ibmcloud.com/vulnerabilities/48486

exchange.xforce.ibmcloud.com/vulnerabilities/48487

exchange.xforce.ibmcloud.com/vulnerabilities/48488

www.exploit-db.com/exploits/7964

9 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.003 Low

EPSS

Percentile

68.2%

JSON

Related for CVE-2009-0646

cvelist2 prion2 cve1