Lucene search
HistoryOct 02, 2009 - 7:30 p.m.
CVE-2009-3532
sql injection
logrover
login.asp
remote attackers
arbitrary commands
cve-2009-3532
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.5 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.4%
Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters. NOTE: some of these details are obtained from third party information.
Affected configurations
Node
logroverlogroverMatch2.3
ORlogroverlogroverMatch2.3.3
microsoftwindows
| CPE | Name | Operator | Version |
|---|---|---|---|
| logrover:logrover | logrover | eq | 2.3 |
| logrover:logrover | logrover | eq | 2.3.3 |
Related
cvelist
cvelist
CVE-2009-3532
2009-10-02 19:00:00
nessus
nessus
Log Rover pword Parameter SQL Injection
2009-07-20 00:00:00
prion
prion
Sql injection
2009-10-02 19:30:00
nvd
nvd
CVE-2009-3532
2009-10-02 19:30:00
openvas
openvas
LogRover <= 2.3.3 SQLi Vulnerability - Active Check
2009-10-12 00:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.5 High
AI Score
Confidence
Low
0.002 Low
EPSS
Percentile
61.4%
Related for CVE-2009-3532