Vulnerability CVE-2009-1813


Published: 2009-05-29   Modified: 2012-02-13

Description:
Multiple SQL injection vulnerabilities in admin/index.php in Submitter Script 2 allow remote attackers to execute arbitrary SQL commands via (1) the uNev parameter (aka the username field) or (2) the uJelszo parameter (aka the Password field).

See advisories in our WLB2 database:
Risk: High
Topic: Submitter Script (Auth Bypass) SQL Injection Vulnerability
Author: ThE g0bL!N
Date: 01.06.2009

Type:
CWE-89 (Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection'))

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10

Exploit range: Remote
Attack complexity: Low
Authentication: Not required

Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Affected software
Submitterscript -> Submitterscript 

References:
http://xforce.iss.net/xforce/xfdb/50552
http://www.vupen.com/english/advisories/2009/1327
http://www.securityfocus.com/bid/34970
http://www.milw0rm.com/exploits/8683
http://secunia.com/advisories/35088
http://osvdb.org/54475

Copyright 2024, cxsecurity.com