Lucene search

[email protected]CVE-2009-2142

HistoryJun 22, 2009 - 2:30 p.m.

CVE-2009-2142

2009-06-2214:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2009-2142

sql injection

admin/index.asp

zip store chat 4.0

zip store chat 5.0

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.8%

JSON

Multiple SQL injection vulnerabilities in admin/index.asp in Zip Store Chat 4.0 and 5.0 allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) senha parameters.

Affected configurations

NVD

Node

zipstorezip_store_chatMatch4.0

zipstorezip_store_chatMatch5.0

CPENameOperatorVersion
zipstore:zip_store_chatzipstore zip store chateq4.0
zipstore:zip_store_chatzipstore zip store chateq5.0

CPE	Name	Operator	Version
zipstore:zip_store_chat	zipstore zip store chat	eq	4.0
zipstore:zip_store_chat	zipstore zip store chat	eq	5.0

References

secunia.com/advisories/35417

www.vupen.com/english/advisories/2009/1581

www.exploit-db.com/exploits/8935

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.8%

JSON

Related for CVE-2009-2142

prion1 cvelist1 nvd1