Lucene search
MitreCVE-2009-2604HistoryJul 27, 2009 - 2:30 p.m.
CVE-2009-2604
2009-07-2714:30:00
CWE-89
mitre
web.nvd.nist.gov
24
sql injection
zen help desk 2.1
adminlogin.asp
cve-2009-2604
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.8
Confidence
Low
EPSS
0.001
Percentile
43.7%
Multiple SQL injection vulnerabilities in adminlogin.asp in Zen Help Desk 2.1 allow remote attackers to execute arbitrary SQL commands via the (1) userid (aka username) and (2) PassWord parameters to admin.asp.
Affected configurations
Node
zenhelpdeskzen_help_deskMatch2.1
| Vendor | Product | Version | CPE |
|---|---|---|---|
| zenhelpdesk | zen_help_desk | 2.1 | cpe:2.3:a:zenhelpdesk:zen_help_desk:2.1:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2009-2604
2009-07-27 14:30:00
prion
prion
Sql injection
2009-07-27 14:30:00
exploitdb
exploitdb
Zen Help Desk 2.1 - Authentication Bypass
2009-05-29 00:00:00
cvelist
cvelist
CVE-2009-2604
2009-07-27 14:22:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
8.8
Confidence
Low
EPSS
0.001
Percentile
43.7%
Related for CVE-2009-2604