Lucene search

K
cve[email protected]CVE-2009-3494
HistorySep 30, 2009 - 3:30 p.m.

CVE-2009-3494

2009-09-3015:30:00
CWE-89
web.nvd.nist.gov
20
cve-2009-3494
sql injection
index.php
t-htb manager 0.5
security vulnerability
nvd

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.8%

Multiple SQL injection vulnerabilities in index.php in T-HTB Manager 0.5, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the id parameter in a delete_category action, (2) the name parameter in an update_category action, and other vectors.

Affected configurations

NVD
Node
todor_lazarovt-htb_managerMatch0.5

6.8 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

39.8%

Related for CVE-2009-3494