ID: CVE-2009-1277
Type: cve
Reporter: NVD
Modified: 2017-09-28T21:34:16
Description
SQL injection vulnerability in index.php in Gravity Board X (GBX) 2.0 BETA allows remote attackers to execute arbitrary SQL commands via the member_id parameter in a viewprofile action. NOTE: the board_id issue is already covered by CVE-2008-2996.2.
{"result": {"openvas": [{"id": "OPENVAS:1361412562310100101", "type": "openvas", "title": "Gravity Board X Multiple SQL Injection Vulnerabilities and Remote Command Execution Vulnerability", "description": "Gravity Board X is prone to multiple SQL-injection vulnerabilities\n and a remote command-execution because it fails to sufficiently\n sanitize user-supplied data before using it in an SQL query.\n\n Exploiting these issues could allow an attacker to execute arbitrary\n code, compromise the application. access or modify data, or exploit\n latent vulnerabilities in the underlying database.\n\n Gravity Board X 2.0 is vulnerable; other versions may also be\n affected.", "published": "2009-04-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100101", "cvelist": ["CVE-2009-1277"], "lastseen": "2018-04-11T11:46:21"}, {"id": "OPENVAS:100101", "type": "openvas", "title": "Gravity Board X Multiple SQL Injection Vulnerabilities and Remote Command Execution Vulnerability", "description": "Gravity Board X is prone to multiple SQL-injection vulnerabilities\n and a remote command-execution because it fails to sufficiently\n sanitize user-supplied data before using it in an SQL query.\n\n Exploiting these issues could allow an attacker to execute arbitrary\n code, compromise the application. 
access or modify data, or exploit\n latent vulnerabilities in the underlying database.\n\n Gravity Board X 2.0 is vulnerable; other versions may also be\n affected.", "published": "2009-04-05T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=100101", "cvelist": ["CVE-2009-1277"], "lastseen": "2017-07-02T21:14:10"}, {"id": "OPENVAS:1361412562310100115", "type": "openvas", "title": "ConnX 'frmLoginPwdReminderPopup.aspx' SQL Injection Vulnerability", "description": "ConnX is prone to an unspecified SQL-injection vulnerability because it fails\nto sufficiently sanitize user-supplied data before using it in a SQL query.", "published": "2009-04-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100115", "cvelist": ["CVE-2009-1277"], "lastseen": "2018-02-14T19:09:15"}], "exploitdb": [{"id": "EDB-ID:8350", "type": "exploitdb", "title": "Gravity Board X 2.0b SQL Injection / Post Auth Code Execution", "description": "Gravity Board X 2.0b SQL Injection / Post Auth Code Execution. CVE-2008-2996,CVE-2009-1277,CVE-2009-1278. Webapps exploit for php platform", "published": "2009-04-03T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/8350/", "cvelist": ["CVE-2009-1277", "CVE-2008-2996", "CVE-2009-1278"], "lastseen": "2016-02-01T04:19:15"}, {"id": "EDB-ID:5791", "type": "exploitdb", "title": "gravity board x 2.0 beta sql/XSS Multiple Vulnerabilities", "description": "Gravity Board X 2.0 Beta (SQL/XSS) Multiple Remote Vulnerabilities. CVE-2008-2996,CVE-2008-2997,CVE-2009-1277. 
Webapps exploit for php platform", "published": "2008-06-12T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/5791/", "cvelist": ["CVE-2009-1277", "CVE-2008-2997", "CVE-2008-2996"], "lastseen": "2016-01-31T23:34:25"}]}}