Lucene search

MitreCVE-2009-1505

HistoryMay 01, 2009 - 5:30 p.m.

CVE-2009-1505

2009-05-0117:30:00

CWE-89

mitre

web.nvd.nist.gov

cve-2009-1505

sql injection

drupal

news page module

vulnerability

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.003

Percentile

71.2%

JSON

SQL injection vulnerability in the News Page module 5.x before 5.x-1.2 for Drupal allows remote authenticated users, with News Page nodes create and edit privileges, to execute arbitrary SQL commands via the Include Words (aka keywords) field.

Affected configurations

Nvd

Node

drupaldrupal

AND

drupalnews_pageMatch5.x-1.1

drupalnews_pageMatch5.x-1.xdev

VendorProductVersionCPE
drupaldrupal*cpe:2.3:a:drupal:drupal:*:*:*:*:*:*:*:*
drupalnews_page5.x-1.1cpe:2.3:a:drupal:news_page:5.x-1.1:*:*:*:*:*:*:*
drupalnews_page5.x-1.xcpe:2.3:a:drupal:news_page:5.x-1.x:*:dev:*:*:*:*:*

Vendor	Product	Version	CPE
drupal	drupal	*	cpe:2.3:a:drupal:drupal::::::::
drupal	news_page	5.x-1.1	cpe:2.3:a:drupal:news_page:5.x-1.1:::::::*
drupal	news_page	5.x-1.x	cpe:2.3:a:drupal:news_page:5.x-1.x::dev:::::

References

drupal.org/node/449014

osvdb.org/54151

secunia.com/advisories/34954

www.securityfocus.com/bid/34777

www.vupen.com/english/advisories/2009/1214

exchange.xforce.ibmcloud.com/vulnerabilities/50248

CVSS2

6.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

AI Score

8.3

Confidence

Low

EPSS

0.003

Percentile

71.2%

JSON

Related for CVE-2009-1505