Lucene search
HistoryOct 03, 2022 - 4:23 p.m.
CVE-2009-1433
cve-2009-1433
sql injection
file.php
silverstripe
remote attackers
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.7 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
64.5%
SQL injection vulnerability in File::find (filesystem/File.php) in SilverStripe before 2.3.1 allows remote attackers to execute arbitrary SQL commands via the filename parameter.
Affected configurations
Node
silverstripesilverstripeRange≤2.3.1rc2
ORsilverstripesilverstripeMatch2.0.0
ORsilverstripesilverstripeMatch2.0.1
ORsilverstripesilverstripeMatch2.0.2
ORsilverstripesilverstripeMatch2.1.0
ORsilverstripesilverstripeMatch2.1.1
ORsilverstripesilverstripeMatch2.2.0
ORsilverstripesilverstripeMatch2.2.1
ORsilverstripesilverstripeMatch2.2.2
ORsilverstripesilverstripeMatch2.2.4
ORsilverstripesilverstripeMatch2.3.0
ORsilverstripesilverstripeMatch2.3.0rc1
ORsilverstripesilverstripeMatch2.3.0rc2
ORsilverstripesilverstripeMatch2.3.0rc3
ORsilverstripesilverstripeMatch2.3.1rc1
Related
prion
prion
Sql injection
2009-04-24 23:30:00
nvd
nvd
CVE-2009-1433
2009-04-24 23:30:00
cvelist
cvelist
CVE-2009-1433
2022-10-03 16:23:59
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.7 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
64.5%
Related for CVE-2009-1433