Lucene search

K
cve[email protected]CVE-2009-1778
HistoryMay 22, 2009 - 8:30 p.m.

CVE-2009-1778

2009-05-2220:30:00
CWE-89
web.nvd.nist.gov
24
cve-2009-1778
sql injection
bigace cms 2.5
security vulnerability
remote attack

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.0%

SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

Affected configurations

NVD
Node
bigacebigace_cmsMatch2.5

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

56.0%

Related for CVE-2009-1778