Lucene search

K
cve[email protected]CVE-2009-2601
HistoryJul 27, 2009 - 2:30 p.m.

CVE-2009-2601

2009-07-2714:30:00
CWE-89
web.nvd.nist.gov
21
cve-2009-2601
sql injection
joomlaequipment
juser
com_juser
nvd
vulnerability

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

43.7%

SQL injection vulnerability in the Joomlaequipment (aka JUser or com_juser) component 2.0.4 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a show_profile action to index.php.

Affected configurations

NVD
Node
joomlaequipmentjuserMatch2.0.4
AND
joomlajoomla\!

8.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

43.7%

Related for CVE-2009-2601