Lucene search

[email protected]CVE-2009-3968

HistoryNov 18, 2009 - 11:30 p.m.

CVE-2009-3968

2009-11-1823:30:00

CWE-89

[email protected]

web.nvd.nist.gov

cve

sql injection

itechbids 8.0

remote attackers

execute arbitrary commands

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.8%

JSON

Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE: the sellers_othersitem.php, classifieds.php, and shop.php vectors are already covered by CVE-2008-3238.

Affected configurations

NVD

Node

itechscriptsitechbidsMatch8.0

CPENameOperatorVersion
itechscripts:itechbidsitechscripts itechbidseq8.0

CPE	Name	Operator	Version
itechscripts:itechbids	itechscripts itechbids	eq	8.0

References

secunia.com/advisories/36437

www.exploit-db.com/exploits/9497

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.003 Low

EPSS

Percentile

70.8%

JSON

Related for CVE-2009-3968

nvd2 prion2 cvelist2 cve1