Lucene search

[email protected]CVE-2009-3215

HistorySep 16, 2009 - 7:30 p.m.

CVE-2009-3215

2009-09-1619:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2009-3215

sql injection

ixxo cart standalone

joomla

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.7%

JSON

SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.

Affected configurations

NVD

Node

php-shop-systemixxo_cart

AND

joomlajoomlaMatch1.0

joomlajoomlaMatch1.0.0

joomlajoomlaMatch1.0.1

joomlajoomlaMatch1.0.2

joomlajoomlaMatch1.0.3

joomlajoomlaMatch1.0.4

joomlajoomlaMatch1.0.5

joomlajoomlaMatch1.0.6

joomlajoomlaMatch1.0.7

joomlajoomlaMatch1.0.8

joomlajoomlaMatch1.0.9

joomlajoomlaMatch1.0.10

joomlajoomlaMatch1.0.11

joomlajoomlaMatch1.0.12

joomlajoomlaMatch1.0.13

joomlajoomlaMatch1.0.14

joomlajoomlaMatch1.03

joomlajoomlaMatch1.5

joomlajoomlaMatch1.5rc1

joomlajoomlaMatch1.5rc2

joomlajoomlaMatch1.5rc3

joomlajoomlaMatch1.5.0beta

joomlajoomlaMatch1.5.0beta1

joomlajoomlaMatch1.5.0beta2

joomlajoomlaMatch1.5.0rc1

joomlajoomlaMatch1.5.1

joomlajoomlaMatch1.5.2

joomlajoomlaMatch1.5.3

joomlajoomlaMatch1.5.4

joomlajoomlaMatch1.5.5

joomlajoomlaMatch1.5.6

joomlajoomlaMatch1.5.7

joomlajoomlaMatch1.5.8

joomlajoomlaMatch1.5.9

joomlajoomlaMatch1.5.10

joomlajoomlaMatch1.5rc4

joomlajoomlaMatch1.8.1

Node

php-shop-systemixxo_cartRange≤3.9.6.0standalone

CPENameOperatorVersion
php-shop-system:ixxo_cartphp-shop-system ixxo carteq*

CPE	Name	Operator	Version
php-shop-system:ixxo_cart	php-shop-system ixxo cart	eq	*

References

secunia.com/advisories/36009

www.davidsopas.com/2009/07/25/ixxo-cart-standalone-and-joomla-component-sql-injection/

www.exploit-db.com/exploits/9276

www.securityfocus.com/archive/1/505266/100/0/threaded

www.securityfocus.com/bid/35810

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

37.7%

JSON

Related for CVE-2009-3215

prion1 cvelist1 nvd1