Lucene search

PRIOn knowledge basePRION:CVE-2009-1409

HistoryApr 24, 2009 - 2:30 p.m.

Sql injection

2009-04-2414:30:00

PRIOn knowledge base

www.prio-n.com

8.7 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

51.4%

JSON

SQL injection vulnerability in usersettings.php in e107 0.7.15 and earlier, when “Extended User Fields” is enabled and magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the hide parameter, a different vector than CVE-2005-4224 and CVE-2008-5320.

CPENameOperatorVersion
e107eq0.551.0-beta
e107eq0.6175
e107eq0.616
e107eq0.7.10
e107eq0.6174
e107eq5.05
e107eq0.549.0-beta
e107eq0.615.97
e107eq0.7.7
e107eq0.6.15

Name	Operator	Version
e107	eq	0.551.0-beta
e107	eq	0.6175
e107	eq	0.616
e107	eq	0.7.10
e107	eq	0.6174
e107	eq	5.05
e107	eq	0.549.0-beta
e107	eq	0.615.97
e107	eq	0.7.7
e107	eq	0.6.15

Rows per page:

1-10 of 671

References

osvdb.org/53812

secunia.com/advisories/34823

www.securityfocus.com/bid/34614

exchange.xforce.ibmcloud.com/vulnerabilities/49981

www.exploit-db.com/exploits/8495

8.7 High

AI Score

Confidence

Low

5.1 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

0.002 Low

EPSS

Percentile

51.4%

JSON

Related for PRION:CVE-2009-1409