Lucene search

[email protected]CVE-2009-4600

HistoryJan 12, 2010 - 5:30 p.m.

CVE-2009-4600

2010-01-1217:30:01

CWE-89

[email protected]

web.nvd.nist.gov

sql injection

realestate20/loginaction.php

netart media real estate portal 2.0

email parameter

nvd

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.7%

JSON

SQL injection vulnerability in realestate20/loginaction.php in NetArt Media Real Estate Portal 2.0 allows remote attackers to execute arbitrary SQL commands via the Email parameter (aka the username field). NOTE: some of these details are obtained from third party information.

Affected configurations

NVD

Node

netartmediamedia_real_estate_portalMatch2.0

CPENameOperatorVersion
netartmedia:media_real_estate_portalnetartmedia media real estate portaleq2.0

CPE	Name	Operator	Version
netartmedia:media_real_estate_portal	netartmedia media real estate portal	eq	2.0

References

osvdb.org/60866

secunia.com/advisories/37633

www.exploit-db.com/exploits/10361

www.securityfocus.com/bid/37265

exchange.xforce.ibmcloud.com/vulnerabilities/54647

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.7 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.7%

JSON

Related for CVE-2009-4600

cvelist1 prion1 nvd1