Lucene search

[email protected]CVE-2009-2366

HistoryJul 08, 2009 - 3:30 p.m.

CVE-2009-2366

2009-07-0815:30:01

CWE-89

[email protected]

web.nvd.nist.gov

cve-2009-2366

sql injection

datacheck solutions

forumpal fe

forumpal 1.5

remote attack

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.8%

JSON

SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

datachecknhforumpalMatch1.5

datachecknhforumpal_feMatch1.1

CPENameOperatorVersion
datachecknh:forumpaldatachecknh forumpaleq1.5
datachecknh:forumpal_fedatachecknh forumpal feeq1.1

CPE	Name	Operator	Version
datachecknh:forumpal	datachecknh forumpal	eq	1.5
datachecknh:forumpal_fe	datachecknh forumpal fe	eq	1.1

References

secunia.com/advisories/35589

secunia.com/advisories/35603

www.exploit-db.com/exploits/9024

www.osvdb.org/55496

www.osvdb.org/55497

exchange.xforce.ibmcloud.com/vulnerabilities/51403

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.8%

JSON

Related for CVE-2009-2366

nvd1 cvelist1 prion1