Lucene search

[email protected]CVE-2009-3718

HistoryOct 16, 2009 - 4:30 p.m.

CVE-2009-3718

2009-10-1616:30:01

CWE-89

[email protected]

web.nvd.nist.gov

cve-2009-3718

sql injection

admin authentication

battle blog 1.25

battle blog 1.30

remote attackers

arbitrary sql commands

username parameter

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.9%

JSON

SQL injection vulnerability in admin/authenticate.asp in Battle Blog 1.25 and 1.30 build 2 allows remote attackers to execute arbitrary SQL commands via the UserName parameter.

Affected configurations

NVD

Node

davethewebguybattle_blogMatch1.25

davethewebguybattle_blogMatch1.30

CPENameOperatorVersion
davethewebguy:battle_blogdavethewebguy battle blogeq1.25
davethewebguy:battle_blogdavethewebguy battle blogeq1.30

CPE	Name	Operator	Version
davethewebguy:battle_blog	davethewebguy battle blog	eq	1.25
davethewebguy:battle_blog	davethewebguy battle blog	eq	1.30

References

full-discl0sure.blogspot.com/2009/07/battle-blog-sqlhtml-injection.html

secunia.com/advisories/35864

www.exploit-db.com/exploits/9183

www.osvdb.org/55991

www.securityfocus.com/bid/35726

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

53.9%

JSON

Related for CVE-2009-3718

nvd1 cvelist1 prion1