Lucene search

MitreCVE-2009-4296

HistoryDec 11, 2009 - 7:30 p.m.

CVE-2009-4296

2009-12-1119:30:00

CWE-89

mitre

web.nvd.nist.gov

sql injection

vulnerability

drupal

taxonomy timer

remote attackers

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.003

Percentile

71.7%

JSON

SQL injection vulnerability in the Taxonomy Timer module 5.x-1.8 and earlier and 6.x-alpha1 and earlier for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Affected configurations

Nvd

Node

brian_millertaxonomy_timerRange≤5.x-1.8

brian_millertaxonomy_timerRange≤6.x-1.0-alpha1

brian_millertaxonomy_timerMatch5.x-0.1

brian_millertaxonomy_timerMatch5.x-1.0

brian_millertaxonomy_timerMatch5.x-1.0beta1

brian_millertaxonomy_timerMatch5.x-1.1

brian_millertaxonomy_timerMatch5.x-1.2

brian_millertaxonomy_timerMatch5.x-1.3

brian_millertaxonomy_timerMatch5.x-1.4

brian_millertaxonomy_timerMatch5.x-1.6

brian_millertaxonomy_timerMatch5.x-1.7

AND

drupaldrupal

VendorProductVersionCPE
brian_millertaxonomy_timer*cpe:2.3:a:brian_miller:taxonomy_timer:*:*:*:*:*:*:*:*
brian_millertaxonomy_timer5.x-0.1cpe:2.3:a:brian_miller:taxonomy_timer:5.x-0.1:*:*:*:*:*:*:*
brian_millertaxonomy_timer5.x-1.0cpe:2.3:a:brian_miller:taxonomy_timer:5.x-1.0:*:*:*:*:*:*:*
brian_millertaxonomy_timer5.x-1.0beta1cpe:2.3:a:brian_miller:taxonomy_timer:5.x-1.0beta1:*:*:*:*:*:*:*
brian_millertaxonomy_timer5.x-1.1cpe:2.3:a:brian_miller:taxonomy_timer:5.x-1.1:*:*:*:*:*:*:*
brian_millertaxonomy_timer5.x-1.2cpe:2.3:a:brian_miller:taxonomy_timer:5.x-1.2:*:*:*:*:*:*:*
brian_millertaxonomy_timer5.x-1.3cpe:2.3:a:brian_miller:taxonomy_timer:5.x-1.3:*:*:*:*:*:*:*
brian_millertaxonomy_timer5.x-1.4cpe:2.3:a:brian_miller:taxonomy_timer:5.x-1.4:*:*:*:*:*:*:*
brian_millertaxonomy_timer5.x-1.6cpe:2.3:a:brian_miller:taxonomy_timer:5.x-1.6:*:*:*:*:*:*:*
brian_millertaxonomy_timer5.x-1.7cpe:2.3:a:brian_miller:taxonomy_timer:5.x-1.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
brian_miller	taxonomy_timer	*	cpe:2.3:a:brian_miller:taxonomy_timer::::::::
brian_miller	taxonomy_timer	5.x-0.1	cpe:2.3:a:brian_miller:taxonomy_timer:5.x-0.1:::::::*
brian_miller	taxonomy_timer	5.x-1.0	cpe:2.3:a:brian_miller:taxonomy_timer:5.x-1.0:::::::*
brian_miller	taxonomy_timer	5.x-1.0beta1	cpe:2.3:a:brian_miller:taxonomy_timer:5.x-1.0beta1:::::::*
brian_miller	taxonomy_timer	5.x-1.1	cpe:2.3:a:brian_miller:taxonomy_timer:5.x-1.1:::::::*
brian_miller	taxonomy_timer	5.x-1.2	cpe:2.3:a:brian_miller:taxonomy_timer:5.x-1.2:::::::*
brian_miller	taxonomy_timer	5.x-1.3	cpe:2.3:a:brian_miller:taxonomy_timer:5.x-1.3:::::::*
brian_miller	taxonomy_timer	5.x-1.4	cpe:2.3:a:brian_miller:taxonomy_timer:5.x-1.4:::::::*
brian_miller	taxonomy_timer	5.x-1.6	cpe:2.3:a:brian_miller:taxonomy_timer:5.x-1.6:::::::*
brian_miller	taxonomy_timer	5.x-1.7	cpe:2.3:a:brian_miller:taxonomy_timer:5.x-1.7:::::::*

Rows per page:

1-10 of 111

References

drupal.org/node/641050

drupal.org/node/641064

drupal.org/node/649396

secunia.com/advisories/37573

www.securityfocus.com/bid/37189

www.vupen.com/english/advisories/2009/3388

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.003

Percentile

71.7%

JSON

Related for CVE-2009-4296