Lucene search

[email protected]NVD:CVE-2009-0402

HistoryFeb 03, 2009 - 7:30 p.m.

CVE-2009-0402

2009-02-0319:30:00

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.01

Percentile

83.4%

JSON

SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters.

Affected configurations

Nvd

Node

gplhostdomain_technologie_controlRange≤0.29.8

gplhostdomain_technologie_controlMatch0.26.7

gplhostdomain_technologie_controlMatch0.26.8

gplhostdomain_technologie_controlMatch0.26.9

gplhostdomain_technologie_controlMatch0.27.3

gplhostdomain_technologie_controlMatch0.28.2

gplhostdomain_technologie_controlMatch0.28.3

gplhostdomain_technologie_controlMatch0.28.10

gplhostdomain_technologie_controlMatch0.29.1

VendorProductVersionCPE
gplhostdomain_technologie_control*cpe:2.3:a:gplhost:domain_technologie_control:*:*:*:*:*:*:*:*
gplhostdomain_technologie_control0.26.7cpe:2.3:a:gplhost:domain_technologie_control:0.26.7:*:*:*:*:*:*:*
gplhostdomain_technologie_control0.26.8cpe:2.3:a:gplhost:domain_technologie_control:0.26.8:*:*:*:*:*:*:*
gplhostdomain_technologie_control0.26.9cpe:2.3:a:gplhost:domain_technologie_control:0.26.9:*:*:*:*:*:*:*
gplhostdomain_technologie_control0.27.3cpe:2.3:a:gplhost:domain_technologie_control:0.27.3:*:*:*:*:*:*:*
gplhostdomain_technologie_control0.28.2cpe:2.3:a:gplhost:domain_technologie_control:0.28.2:*:*:*:*:*:*:*
gplhostdomain_technologie_control0.28.3cpe:2.3:a:gplhost:domain_technologie_control:0.28.3:*:*:*:*:*:*:*
gplhostdomain_technologie_control0.28.10cpe:2.3:a:gplhost:domain_technologie_control:0.28.10:*:*:*:*:*:*:*
gplhostdomain_technologie_control0.29.1cpe:2.3:a:gplhost:domain_technologie_control:0.29.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gplhost	domain_technologie_control	*	cpe:2.3:a:gplhost:domain_technologie_control::::::::
gplhost	domain_technologie_control	0.26.7	cpe:2.3:a:gplhost:domain_technologie_control:0.26.7:::::::*
gplhost	domain_technologie_control	0.26.8	cpe:2.3:a:gplhost:domain_technologie_control:0.26.8:::::::*
gplhost	domain_technologie_control	0.26.9	cpe:2.3:a:gplhost:domain_technologie_control:0.26.9:::::::*
gplhost	domain_technologie_control	0.27.3	cpe:2.3:a:gplhost:domain_technologie_control:0.27.3:::::::*
gplhost	domain_technologie_control	0.28.2	cpe:2.3:a:gplhost:domain_technologie_control:0.28.2:::::::*
gplhost	domain_technologie_control	0.28.3	cpe:2.3:a:gplhost:domain_technologie_control:0.28.3:::::::*
gplhost	domain_technologie_control	0.28.10	cpe:2.3:a:gplhost:domain_technologie_control:0.28.10:::::::*
gplhost	domain_technologie_control	0.29.1	cpe:2.3:a:gplhost:domain_technologie_control:0.29.1:::::::*

References

freshmeat.net/projects/dtc/?branch_id=22759&release_id=292973

git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=056e1d1849ff3aa183a410e2aab1c1c3e969247d

osvdb.org/51631

secunia.com/advisories/33698

www.securityfocus.com/bid/33496

exchange.xforce.ibmcloud.com/vulnerabilities/48292

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.01

Percentile

83.4%

JSON

Related for NVD:CVE-2009-0402

cvelist1 prion1 cve1