CVE-2009-4437

Sažetak

Multiple SQL injection vulnerabilities in Active Auction House 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) catid parameter to wishlist.asp and the (2) linkid parameter to links.asp. NOTE: vector 1 might overlap CVE-2005-1029.1.

Reference

http://packetstormsecurity.org/0912-exploits/activeauctionhouse-sql.txt
http://secunia.com/advisories/14839
http://www.exploit-db.com/exploits/10520
http://www.securityfocus.com/bid/37401
https://exchange.xforce.ibmcloud.com/vulnerabilities/54891

CVSS

Base:	7.5
Impact:	6.4
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
PARTIAL	PARTIAL	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:P/I:P/A:P

Zadnje važnije ažuriranje

17-08-2017 - 01:31

Objavljeno

28-12-2009 - 19:00