Lucene search

[email protected]CVE-2009-1411

HistoryApr 24, 2009 - 2:30 p.m.

CVE-2009-1411

2009-04-2414:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2009-1411

sql injection

events plugin

seditio cms 1.0

remote attackers

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.6%

JSON

SQL injection vulnerability in events/inc/events.inc.php in the Events plugin for Seditio CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the c parameter to plug.php.

Affected configurations

NVD

Node

neocromeseditioMatch1.0

CPENameOperatorVersion
neocrome:seditioneocrome seditioeq1.0

CPE	Name	Operator	Version
neocrome:seditio	neocrome seditio	eq	1.0

References

osvdb.org/53827

secunia.com/advisories/34812

www.securityfocus.com/bid/34608

www.vupen.com/english/advisories/2009/1112

exchange.xforce.ibmcloud.com/vulnerabilities/49975

www.exploit-db.com/exploits/8482

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

59.6%

JSON

Related for CVE-2009-1411

cvelist1 prion1 nvd1