Lucene search

[email protected]CVE-2009-3327

HistorySep 23, 2009 - 12:08 p.m.

CVE-2009-3327

2009-09-2312:08:35

CWE-89

[email protected]

web.nvd.nist.gov

cve-2009-3327

sql injection

wx-guestbook

remote attackers

arbitrary commands

security vulnerability

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

47.4%

JSON

Multiple SQL injection vulnerabilities in WX-Guestbook 1.1.208 allow remote attackers to execute arbitrary SQL commands via the (1) QUERY parameter to search.php and (2) USERNAME parameter to login.php. NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

webilixwx-guestbookMatch1.1.208

CPENameOperatorVersion
webilix:wx-guestbookwebilix wx-guestbookeq1.1.208

CPE	Name	Operator	Version
webilix:wx-guestbook	webilix wx-guestbook	eq	1.1.208

References

secunia.com/advisories/36806

www.exploit-db.com/exploits/9730

8.5 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

Access Complexity

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

47.4%

JSON

Related for CVE-2009-3327

prion1 nvd1 cvelist1