Multiple SQL injection vulnerabilities in default.asp in MyDesign Sayac 2.0 allow remote attackers to execute arbitrary SQL commands via (1) the user parameter (aka UserName field) or (2) the pass parameter (aka Pass field) to (a) admin/admin.asp or (b) the default URI under admin/. NOTE: some of these details are obtained from third party information.
References
Link | Resource |
---|---|
http://osvdb.org/51754 | |
http://secunia.com/advisories/33771 | Vendor Advisory |
http://www.securityfocus.com/bid/33593 | Exploit |
https://www.exploit-db.com/exploits/7963 | |
http://osvdb.org/51754 | |
http://secunia.com/advisories/33771 | Vendor Advisory |
http://www.securityfocus.com/bid/33593 | Exploit |
https://www.exploit-db.com/exploits/7963 |
Configurations
History
21 Nov 2024, 00:59
Type | Values Removed | Values Added |
---|---|---|
References | () http://osvdb.org/51754 - | |
References | () http://secunia.com/advisories/33771 - Vendor Advisory | |
References | () http://www.securityfocus.com/bid/33593 - Exploit | |
References | () https://www.exploit-db.com/exploits/7963 - |
Information
Published : 2009-02-10 07:00
Updated : 2024-11-21 00:59
NVD link : CVE-2009-0447
Mitre link : CVE-2009-0447
CVE.ORG link : CVE-2009-0447
JSON object : View
Products Affected
aspindir
- mydesign_sayac
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')