Lucene search

[email protected]NVD:CVE-2009-2308

HistoryJul 02, 2009 - 10:30 a.m.

CVE-2009-2308

2009-07-0210:30:00

CWE-89

[email protected]

web.nvd.nist.gov

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

Low

EPSS

0.001

Percentile

42.6%

JSON

Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or (2) out parameter.

Affected configurations

Nvd

Node

punbbpunbb

AND

punresaffiliates_modRange≤1.1.0

punresaffiliates_modMatch1.0.0

VendorProductVersionCPE
punbbpunbb*cpe:2.3:a:punbb:punbb:*:*:*:*:*:*:*:*
punresaffiliates_mod*cpe:2.3:a:punres:affiliates_mod:*:*:*:*:*:*:*:*
punresaffiliates_mod1.0.0cpe:2.3:a:punres:affiliates_mod:1.0.0:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
punbb	punbb	*	cpe:2.3:a:punbb:punbb::::::::
punres	affiliates_mod	*	cpe:2.3:a:punres:affiliates_mod::::::::
punres	affiliates_mod	1.0.0	cpe:2.3:a:punres:affiliates_mod:1.0.0:::::::*

References

packetstormsecurity.org/0906-exploits/punbbaffiliations-blindsql.txt

packetstormsecurity.org/0906-exploits/punbbaffiliationsin-blindsql.txt

secunia.com/advisories/35654

www.exploit-db.com/exploits/9055

www.osvdb.org/55478

exchange.xforce.ibmcloud.com/vulnerabilities/51437

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.6

Confidence

Low

EPSS

0.001

Percentile

42.6%

JSON

Related for NVD:CVE-2009-2308

prion1 exploitdb1 cvelist1 cve1