Lucene search

[email protected]CVE-2009-2921

HistoryAug 21, 2009 - 11:30 a.m.

CVE-2009-2921

2009-08-2111:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2009-2921

sql injection

moc designs php news 1.1

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.8%

JSON

Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field).

Affected configurations

NVD

Node

mocdesignsphp_newsMatch1.1

CPENameOperatorVersion
mocdesigns:php_newsmocdesigns php newseq1.1

CPE	Name	Operator	Version
mocdesigns:php_news	mocdesigns php news	eq	1.1

References

www.exploit-db.com/exploits/9353

www.vupen.com/english/advisories/2009/2161

exchange.xforce.ibmcloud.com/vulnerabilities/52231

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.9 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.8%

JSON

Related for CVE-2009-2921

prion1 cvelist1 nvd1