Lucene search

[email protected]CVE-2009-1778

HistoryMay 22, 2009 - 8:30 p.m.

CVE-2009-1778

2009-05-2220:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2009-1778

sql injection

bigace cms 2.5

security vulnerability

remote attack

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.0%

JSON

SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

Affected configurations

NVD

Node

bigacebigace_cmsMatch2.5

CPENameOperatorVersion
bigace:bigace_cmsbigace bigace cmseq2.5

CPE	Name	Operator	Version
bigace:bigace_cms	bigace bigace cms	eq	2.5

References

secunia.com/advisories/35063

www.bigace.de/BIGACE-2.6.html

www.bigace.de/Security-Fix-for-2.5.html

www.securityfocus.com/archive/1/503448/100/0/threaded

www.securityfocus.com/bid/34920

www.exploit-db.com/exploits/8664

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.0%

JSON

Related for CVE-2009-1778

prion1 nvd1 cvelist1