Lucene search

[email protected]CVE-2009-3504

HistoryOct 03, 2022 - 4:23 p.m.

CVE-2009-3504

2022-10-0316:23:54

CWE-89

[email protected]

web.nvd.nist.gov

cve-2009-3504

sql injection

alibaba clone 3.0

remote attackers

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.5%

JSON

SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected configurations

NVD

Node

alibabaclonealibaba_cloneMatch3.0

CPENameOperatorVersion
alibabaclone:alibaba_clonealibabaclone alibaba cloneeq3.0

CPE	Name	Operator	Version
alibabaclone:alibaba_clone	alibabaclone alibaba clone	eq	3.0

References

packetstormsecurity.org/0909-exploits/alibaba30-sql.txt

secunia.com/advisories/36845

www.vupen.com/english/advisories/2009/2737

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

61.5%

JSON

Related for CVE-2009-3504

cvelist1 nvd1 prion1