Lucene search
HistoryApr 22, 2010 - 2:30 p.m.
CVE-2009-4794
cve-2009-4794
sql injection
community cms 0.5
remote attackers
arbitrary sql commands
nvd
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
30.3%
Multiple SQL injection vulnerabilities in Community CMS 0.5 allow remote attackers to execute arbitrary SQL commands via the (1) article_id parameter to view.php and the (2) a parameter in an event action to calendar.php, reachable through index.php.
Affected configurations
Node
community_cmscommunity_cmsMatch0.5
| CPE | Name | Operator | Version |
|---|---|---|---|
| community_cms:community_cms | community cms | eq | 0.5 |
Related
openvas
openvas
Community CMS <= 0.5 Multiple SQLi Vulnerabilities - Active Check
2009-04-05 00:00:00
Community CMS 'index.php' and 'view.php' SQL Injection Vulnerabilities
2009-04-05 00:00:00
prion
prion
Sql injection
2010-04-22 14:30:00
nvd
nvd
CVE-2009-4794
2010-04-22 14:30:00
cvelist
cvelist
CVE-2009-4794
2010-04-22 14:00:00
7.5 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
8.7 High
AI Score
Confidence
Low
0.001 Low
EPSS
Percentile
30.3%
Related for CVE-2009-4794