Lucene search

[email protected]CVE-2009-2276

HistoryJul 01, 2009 - 1:00 p.m.

CVE-2009-2276

2009-07-0113:00:01

CWE-89

[email protected]

web.nvd.nist.gov

cve-2009-2276

sql injection

vulnerability

voteforus.php

punbb

remote attackers

arbitrary commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.4%

JSON

SQL injection vulnerability in voteforus.php in the Vote For Us extension 1.0.1 and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the out parameter.

Affected configurations

NVD

Node

punbbpunbb

AND

bigllevote_for_us_extensionRange≤1.0.1

bigllevote_for_us_extensionMatch1.0

CPENameOperatorVersion
biglle:vote_for_us_extensionbiglle vote for us extensionle1.0.1
biglle:vote_for_us_extensionbiglle vote for us extensioneq1.0

CPE	Name	Operator	Version
biglle:vote_for_us_extension	biglle vote for us extension	le	1.0.1
biglle:vote_for_us_extension	biglle vote for us extension	eq	1.0

References

www.exploit-db.com/exploits/9058

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

40.4%

JSON

Related for CVE-2009-2276

cvelist1 prion1 nvd1