Lucene search

[email protected]CVE-2009-4058

HistoryNov 24, 2009 - 2:30 a.m.

CVE-2009-4058

2009-11-2402:30:00

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

telebid auction script

vulnerability

remote attackers

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

SQL injection vulnerability in allauctions.php in Telebid Auction Script allows remote attackers to execute arbitrary SQL commands via the aid parameter.

Affected configurations

NVD

Node

telebidauctionscripttelebid_auction_script

CPENameOperatorVersion
telebidauctionscript:telebid_auction_scripttelebidauctionscript telebid auction scripteq*

CPE	Name	Operator	Version
telebidauctionscript:telebid_auction_script	telebidauctionscript telebid auction script	eq	*

References

osvdb.org/60307

secunia.com/advisories/37417

www.exploit-db.com/exploit.php?id=10165

exchange.xforce.ibmcloud.com/vulnerabilities/54349

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

Related for CVE-2009-4058

cvelist1 prion1 nvd1