Lucene search

[email protected]CVE-2009-1787

HistoryMay 26, 2009 - 4:30 p.m.

CVE-2009-1787

2009-05-2616:30:02

CWE-89

[email protected]

web.nvd.nist.gov

cve-2009-1787

php

sql injection

authentication bypass

remote attack

vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

32.1%

JSON

Multiple SQL injection vulnerabilities in PHP Dir Submit (aka WebsiteSubmitter and Submitter Script) allow remote attackers to bypass authentication and gain administrative access via the (1) username and (2) password parameters.

Affected configurations

NVD

Node

phpdirsubmitphp_dir_submit

CPENameOperatorVersion
phpdirsubmit:php_dir_submitphpdirsubmit php dir submiteq*

CPE	Name	Operator	Version
phpdirsubmit:php_dir_submit	phpdirsubmit php dir submit	eq	*

References

secunia.com/advisories/35125

www.securityfocus.com/bid/35003

www.vupen.com/english/advisories/2009/1365

www.exploit-db.com/exploits/8710

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

32.1%

JSON

Related for CVE-2009-1787

prion1 cvelist1 nvd1