Lucene search
MitreCVE-2009-2736HistoryAug 11, 2009 - 10:30 a.m.
CVE-2009-2736
2009-08-1110:30:00
CWE-94
mitre
web.nvd.nist.gov
22
cve
2009
2736
static code injection
vulnerability
admin.php
sun-jester
opennews 1.0
remote authenticated administrators
php code
config.php
setconfig action
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.004
Percentile
72.5%
Static code injection vulnerability in admin.php in sun-jester OpenNews 1.0 allows remote authenticated administrators to inject arbitrary PHP code into config.php via the “Overall Width” field in a setconfig action.
Affected configurations
Node
sun-jesteropennewsMatch1.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| sun-jester | opennews | 1.0 | cpe:2.3:a:sun-jester:opennews:1.0:*:*:*:*:*:*:* |
Related
nvd
nvd
CVE-2009-2736
2009-08-11 10:30:00
cvelist
cvelist
CVE-2009-2736
2009-08-11 10:00:00
prion
prion
Code injection
2009-08-11 10:30:00
exploitdb
exploitdb
opennews 1.0 - SQL Injection / Remote Code Execution
2009-08-05 00:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
7
Confidence
Low
EPSS
0.004
Percentile
72.5%
Related for CVE-2009-2736