Lucene search
MitreCVE-2009-1038HistoryMar 20, 2009 - 6:30 p.m.
CVE-2009-1038
2009-03-2018:30:00
CWE-89
mitre
web.nvd.nist.gov
23
cve-2009-1038
sql injection
yap blog 1.1.1
nvd
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
8.3
Confidence
Low
EPSS
0.001
Percentile
46.7%
Multiple SQL injection vulnerabilities in YAP Blog 1.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) image_id parameter to comments.php, and remote authenticated administrators to execute arbitrary SQL commands via the (2) user parameter in a modif action to admin/index.php.
Affected configurations
Node
yapyap_blogMatch1.1.1
Related
cvelist
cvelist
CVE-2009-1038
2009-03-20 18:00:00
prion
prion
Sql injection
2009-03-20 18:30:00
exploitdb
exploitdb
YAP 1.1.1 - Blind SQL Injection / SQL Injection
2009-03-16 00:00:00
YAP 1.1.1 - 'index.php' Local File Inclusion
2009-03-13 00:00:00
nvd
nvd
CVE-2009-1038
2009-03-20 18:30:00
openvas
openvas
YAP Multiple SQL Injection Vulnerabilities
2009-03-29 00:00:00
Yap Blog <= 1.1.1 Multiple SQLi Vulnerabilities - Active Check
2009-03-29 00:00:00
CVSS2
6.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
SINGLE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:S/C:P/I:P/A:P
AI Score
8.3
Confidence
Low
EPSS
0.001
Percentile
46.7%
Related for CVE-2009-1038