Lucene search

K
cve[email protected]CVE-2009-1778
HistoryMay 22, 2009 - 8:30 p.m.

CVE-2009-1778

2009-05-2220:30:00
CWE-89
web.nvd.nist.gov
24
cve-2009-1778
sql injection
bigace cms 2.5
security vulnerability
remote attack

8.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.9%

SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

Affected configurations

NVD
Node
bigacebigace_cmsMatch2.5

8.7 High

AI Score

Confidence

Low

6.8 Medium

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

55.9%

Related for CVE-2009-1778