Lucene search

[email protected]CVE-2009-2389

HistoryJul 09, 2009 - 4:30 p.m.

CVE-2009-2389

2009-07-0916:30:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

newsscript.php

usolved newsolved

cve-2009-2389

vulnerability

nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.8%

JSON

Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NEWSolved 1.1.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) jahr or (2) idneu parameter in an archive action, or (3) the newsid parameter.

Affected configurations

NVD

Node

usolvednewsolvedMatch1.1.6

CPENameOperatorVersion
usolved:newsolvedusolved newsolvedeq1.1.6

CPE	Name	Operator	Version
usolved:newsolved	usolved newsolved	eq	1.1.6

References

secunia.com/advisories/35611

www.exploit-db.com/exploits/9042

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

43.8%

JSON

Related for CVE-2009-2389

cvelist1 nvd1 prion1