Lucene search
HistoryApr 22, 2010 - 2:30 p.m.
CVE-2009-4796
cve-2009-4796
sql injection
executequeries function
glfusion
security vulnerabilities
nvd
8.8 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
45.3%
Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php.
Affected configurations
Node
glfusionglfusionRange≤1.1.2
ORglfusionglfusionMatch1.0.0
ORglfusionglfusionMatch1.0.0rc1
ORglfusionglfusionMatch1.0.0rc2
ORglfusionglfusionMatch1.0.1
ORglfusionglfusionMatch1.1.0
ORglfusionglfusionMatch1.1.0rc1
ORglfusionglfusionMatch1.1.1
Related
openvas
openvas
glFusion Multiple SQL Injection Vulnerabilities
2010-04-29 00:00:00
cvelist
cvelist
CVE-2009-4796
2010-04-22 14:00:00
prion
prion
Sql injection
2010-04-22 14:30:00
nvd
nvd
CVE-2009-4796
2010-04-22 14:30:00
8.8 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
Access Complexity
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
45.3%
Related for CVE-2009-4796