Lucene search

[email protected]CVE-2009-2605

HistoryJul 27, 2009 - 2:30 p.m.

CVE-2009-2605

2009-07-2714:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve

sql injection

adminquery.php

traidnt up 2.0

security vulnerability

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.4%

JSON

Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.

Affected configurations

NVD

Node

traidnttraidnt_upMatch2.0

CPENameOperatorVersion
traidnt:traidnt_uptraidnt traidnt upeq2.0

CPE	Name	Operator	Version
traidnt:traidnt_up	traidnt traidnt up	eq	2.0

References

osvdb.org/54809

secunia.com/advisories/35273

www.exploit-db.com/exploits/8831

exchange.xforce.ibmcloud.com/vulnerabilities/50866

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

41.4%

JSON

Related for CVE-2009-2605

nvd1 prion1 cvelist1