Lucene search

[email protected]CVE-2009-0704

HistoryFeb 23, 2009 - 3:30 p.m.

CVE-2009-0704

2009-02-2315:30:04

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

vulnerability

wsn guest 1.23

remote attackers

arbitrary sql commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

SQL injection vulnerability in search.php in WSN Guest 1.23 allows remote attackers to execute arbitrary SQL commands via the search parameter in an advanced action.

Affected configurations

NVD

Node

webmastersitewsn_guestMatch1.23

CPENameOperatorVersion
webmastersite:wsn_guestwebmastersite wsn guesteq1.23

CPE	Name	Operator	Version
webmastersite:wsn_guest	webmastersite wsn guest	eq	1.23

References

www.securityfocus.com/bid/33097

exchange.xforce.ibmcloud.com/vulnerabilities/47723

www.exploit-db.com/exploits/7659

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

Related for CVE-2009-0704

cvelist1 prion1 nvd1