Lucene search

[email protected]NVD:CVE-2014-9102

HistoryNov 26, 2014 - 3:59 p.m.

CVE-2014-9102

2014-11-2615:59:17

CWE-89

[email protected]

web.nvd.nist.gov

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.9%

JSON

Multiple SQL injection vulnerabilities in the Kunena component before 3.0.6 for Joomla! allow remote authenticated users to execute arbitrary SQL commands via the index value in an array parameter, as demonstrated by the topics[] parameter in an unfavorite action to index.php.

Affected configurations

NVD

Node

kunenakunenaRange≤3.0.5joomla\!

References

packetstormsecurity.com/files/127683/Joomla-Kunena-Forum-3.0.5-SQL-Injection.html

www.kunena.org/blog/139-kunena-3-0-6-released

www.kunena.org/docs/Kunena_3.0.6_Read_Me

www.securityfocus.com/bid/68956

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

8.1 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

55.9%

JSON

Related for NVD:CVE-2014-9102

cvelist1 cve1 prion1 openvas1