CVE-2009-0252

Sažetak

Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field). NOTE: some of these details are obtained from third party information.

Reference

http://osvdb.org/51456
http://secunia.com/advisories/33578
http://www.securityfocus.com/bid/33321
https://exchange.xforce.ibmcloud.com/vulnerabilities/48062
https://www.exploit-db.com/exploits/7801

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

29-09-2017 - 01:33

Objavljeno

22-01-2009 - 16:30