CVE-2009-2366

{"id": "CVE-2009-2366", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-07-08T15:30:01.343", "references": [{"url": "http://secunia.com/advisories/35589", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/35603", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/9024", "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/55496", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/55497", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51403", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/35589", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://secunia.com/advisories/35603", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.exploit-db.com/exploits/9024", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/55496", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/55497", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51403", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "Vulnerabilidad de inyecci\u00f3n SQL en login.asp en DataCheck Solutions ForumPal FE v1.1 y ForumPal v.1.5 permite a atacantes remotos ejecutar comandos SQL a su elecci\u00f3n a trav\u00e9s de (1) par\u00e1metro password en v1.1 y (2) par\u00e1metro p_password en v.1.5. NOTA: algunos de estos detalles se han obtenido exclusivamente de informaci\u00f3n de terceros."}], "lastModified": "2024-11-21T01:04:42.467", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:datachecknh:forumpal:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "902F1AA0-8056-4A42-8730-A7C1B0076698"}, {"criteria": "cpe:2.3:a:datachecknh:forumpal_fe:1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2170FD4B-44CB-4EB3-A610-F37B2A98CDFC"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}