Lucene search
MitreCVE-2009-1742HistoryMay 20, 2009 - 7:30 p.m.
CVE-2009-1742
2009-05-2019:30:00
CWE-89
mitre
web.nvd.nist.gov
32
cve-2009-1742
sql injection
pc4arb pc4 uploader
code.php
nvd
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.8
Confidence
Low
EPSS
0.004
Percentile
74.2%
code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the “UNIunionON” string, which is collapsed into “UNION” by the filter_sql function.
Affected configurations
Node
pc4arbpc4_uploaderRange≤9.0
| Vendor | Product | Version | CPE |
|---|---|---|---|
| pc4arb | pc4_uploader | * | cpe:2.3:a:pc4arb:pc4_uploader:*:*:*:*:*:*:*:* |
Related
cvelist
cvelist
CVE-2009-1742
2009-05-20 19:00:00
exploitdb
exploitdb
Pc4Uploader 9.0 - Blind SQL Injection
2009-05-18 00:00:00
prion
prion
Sql injection
2009-05-20 19:30:00
nvd
nvd
CVE-2009-1742
2009-05-20 19:30:00
CVSS2
7.5
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
AI Score
7.8
Confidence
Low
EPSS
0.004
Percentile
74.2%
Related for CVE-2009-1742