Lucene search

[email protected]CVE-2009-1778

HistoryMay 22, 2009 - 8:30 p.m.

CVE-2009-1778

2009-05-2220:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2009-1778

sql injection

bigace cms 2.5

security vulnerability

remote attack

8.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.9%

JSON

SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

Affected configurations

NVD

Node

bigacebigace_cmsMatch2.5

CPENameOperatorVersion
bigace:bigace_cmsbigace bigace cmseq2.5

CPE	Name	Operator	Version
bigace:bigace_cms	bigace bigace cms	eq	2.5

References

secunia.com/advisories/35063

www.bigace.de/BIGACE-2.6.html

www.bigace.de/Security-Fix-for-2.5.html

www.securityfocus.com/archive/1/503448/100/0/threaded

www.securityfocus.com/bid/34920

www.exploit-db.com/exploits/8664

8.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.9%

JSON

Related for CVE-2009-1778

cvelist1 prion1 nvd1