DATABASE RESOURCES PRICING ABOUT US

{"id": "CVE-2009-3330", "vendorId": null, "type": "cve", "bulletinFamily": "NVD", "title": "CVE-2009-3330", "description": "SQL injection vulnerability in index.php in cP Creator 2.7.1, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the tickets parameter in a support ticket action.", "published": "2009-09-23T12:08:00", "modified": "2017-09-19T01:29:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "cvss2": {"cvssV2": {"version": "2.0", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "accessVector": "NETWORK", "accessComplexity": "MEDIUM", "authentication": "NONE", "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "baseScore": 6.8}, "severity": "MEDIUM", "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}, "cvss3": {}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3330", "reporter": "cve@mitre.org", "references": ["http://secunia.com/advisories/36815", "http://www.exploit-db.com/exploits/9726"], "cvelist": ["CVE-2009-3330"], "immutableFields": [], "lastseen": "2022-03-23T21:34:20", "viewCount": 13, "enchantments": {"dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310801006", "OPENVAS:801006"]}], "rev": 4}, "score": {"value": 6.9, "vector": "NONE"}, "backreferences": {"references": [{"type": "openvas", "idList": ["OPENVAS:801006"]}]}, "exploitation": null, "vulnersScore": 6.9}, "_state": {"dependencies": 1659687063, "score": 1659761193}, "_internal": {}, "cna_cvss": {"cna": null, "cvss": {}}, "cpe": ["cpe:/a:cpecreator:cp_creator:2.7.1"], "cpe23": ["cpe:2.3:a:cpecreator:cp_creator:2.7.1:*:*:*:*:*:*:*"], "cwe": ["CWE-89"], "affectedSoftware": [{"cpeName": "cpecreator:cp_creator", "version": "2.7.1", "operator": "eq", "name": "cpecreator cp creator"}], "affectedConfiguration": [], "cpeConfiguration": {"CVE_data_version": "4.0", "nodes": [{"operator": "OR", "children": [], "cpe_match": [{"vulnerable": true, "cpe23Uri": "cpe:2.3:a:cpecreator:cp_creator:2.7.1:*:*:*:*:*:*:*", "cpe_name": []}]}]}, "extraReferences": [{"url": "http://secunia.com/advisories/36815", "name": "36815", "refsource": "SECUNIA", "tags": []}, {"url": "http://www.exploit-db.com/exploits/9726", "name": "9726", "refsource": "EXPLOIT-DB", "tags": []}]}

{"openvas": [{"lastseen": "2020-05-12T17:33:23", "description": "The host is running cP Creator and is prone to SQL Injection\n Vulnerability", "cvss3": {}, "published": "2009-10-06T00:00:00", "type": "openvas", "title": "cP Creator 'tickets' Cookie SQL Injection Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3330"], "modified": "2020-05-08T00:00:00", "id": "OPENVAS:1361412562310801006", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310801006", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# cP Creator 'tickets' Cookie SQL Injection Vulnerability\n#\n# Authors:\n# Antu Sanadi<santu@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.801006\");\n script_version(\"2020-05-08T08:34:44+0000\");\n script_tag(name:\"last_modification\", value:\"2020-05-08 08:34:44 +0000 (Fri, 08 May 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-10-06 07:21:15 +0200 (Tue, 06 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-3330\");\n script_name(\"cP Creator 'tickets' Cookie SQL Injection Vulnerability\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/36815\");\n script_xref(name:\"URL\", value:\"http://www.milw0rm.com/exploits/9726\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_family(\"Web application abuses\");\n script_dependencies(\"gb_cpcreator_detect.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_mandatory_keys(\"cpcreator/detected\");\n\n script_tag(name:\"impact\", value:\"Successful exploitation could allow remote attackers to conduct SQL\n injection attacks.\");\n\n script_tag(name:\"affected\", value:\"cP Creator Version 2.7.1 and prior.\");\n\n script_tag(name:\"insight\", value:\"Input passed to the 'tickets' cookie in index.php (if 'page' is\n set to 'support' and 'task' is set to 'ticket') is not properly sanitised before being used in SQL queries.\");\n\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year since the disclosure\n of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer\n release, disable respective features, remove the product or replace the product by another one.\");\n\n script_tag(name:\"summary\", value:\"The host is running cP Creator and is prone to SQL Injection\n Vulnerability\");\n\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\ncpcreatPort = http_get_port(default:80);\n\ncpcreatVer = get_kb_item(\"www/\" + cpcreatPort + \"/cPCreator\");\nif(!cpcreatVer)\n exit(0);\n\ncpcreatVer = eregmatch(pattern:\"^(.+) under (/.*)$\", string:cpcreatVer);\nif(cpcreatVer[1] != NULL)\n{\n if(version_is_less_equal(version:cpcreatVer[1], test_version:\"2.7.1\")){\n security_message(cpcreatPort);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:14:08", "description": "The host is running cP Creator and is prone to SQL Injection\nVulnerability", "cvss3": {}, "published": "2009-10-06T00:00:00", "type": "openvas", "title": "cP Creator 'tickets' Cookie SQL Injection Vulnerability", "bulletinFamily": "scanner", "cvss2": {}, "cvelist": ["CVE-2009-3330"], "modified": "2016-12-28T00:00:00", "id": "OPENVAS:801006", "href": "http://plugins.openvas.org/nasl.php?oid=801006", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: gb_cpcreator_sql_inj_vuln.nasl 4865 2016-12-28 16:16:43Z teissa $\n#\n# cP Creator 'tickets' Cookie SQL Injection Vulnerability\n#\n# Authors:\n# Antu Sanadi<santu@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation could allow remote attackers to conduct SQL\ninjection attacks.\n\nImpact Level: Application.\";\n\ntag_affected = \"cP Creator Version 2.7.1 and prior.\";\n\ntag_insight = \"Input passed to the 'tickets' cookie in index.php (if 'page' is\nset to 'support' and 'task' is set to 'ticket') is not properly sanitised before\nbeing used in SQL queries.\";\n\ntag_solution = \"No solution or patch was made available for at least one year\nsince disclosure of this vulnerability. Likely none will be provided anymore.\nGeneral solution options are to upgrade to a newer release, disable respective\nfeatures, remove the product or replace the product by another one.\";\n\ntag_summary = \"The host is running cP Creator and is prone to SQL Injection\nVulnerability\";\n\nif(description)\n{\n script_id(801006);\n script_version(\"$Revision: 4865 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2016-12-28 17:16:43 +0100 (Wed, 28 Dec 2016) $\");\n script_tag(name:\"creation_date\", value:\"2009-10-06 07:21:15 +0200 (Tue, 06 Oct 2009)\");\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_cve_id(\"CVE-2009-3330\");\n script_name(\"cP Creator 'tickets' Cookie SQL Injection Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/36815\");\n script_xref(name : \"URL\" , value : \"http://www.milw0rm.com/exploits/9726\");\n\n script_tag(name:\"qod_type\", value:\"remote_banner\");\n script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"gb_cpcreator_detect.nasl\");\n script_family(\"Web application abuses\");\n script_require_ports(\"Services/www\", 80);\n script_tag(name : \"impact\" , value : tag_impact);\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n exit(0);\n}\n\n\ninclude(\"http_func.inc\");\ninclude(\"version_func.inc\");\n\ncpcreatPort = get_http_port(default:80);\nif(!cpcreatPort){\n exit(0);\n}\n\ncpcreatVer = get_kb_item(\"www/\" + cpcreatPort + \"/cPCreator\");\nif(!cpcreatVer){\n exit(0);\n}\n\ncpcreatVer = eregmatch(pattern:\"^(.+) under (/.*)$\", string:cpcreatVer);\nif(cpcreatVer[1] != NULL)\n{\n if(version_is_less_equal(version:cpcreatVer[1], test_version:\"2.7.1\")){\n security_message(cpcreatPort);\n }\n}\n", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}