Lucene search

[email protected]CVE-2009-4936

HistoryJul 22, 2010 - 10:00 a.m.

CVE-2009-4936

2010-07-2210:00:00

CWE-89

[email protected]

web.nvd.nist.gov

cve-2009-4936

sql injection

small pirate

spirate 2.1

remote attackers

security vulnerability

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.4%

JSON

Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php.

Affected configurations

NVD

Node

spiratesmall_pirateMatch2.1

CPENameOperatorVersion
spirate:small_piratespirate small pirateeq2.1

CPE	Name	Operator	Version
spirate:small_pirate	spirate small pirate	eq	2.1

References

osvdb.org/54784

osvdb.org/54785

osvdb.org/54786

osvdb.org/54787

osvdb.org/54788

secunia.com/advisories/35272

www.exploit-db.com/exploits/8819

www.securityfocus.com/archive/1/503863/100/0/threaded

exchange.xforce.ibmcloud.com/vulnerabilities/50837

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

8.8 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

72.4%

JSON

Related for CVE-2009-4936

cvelist1 nvd1 prion1