Lucene search

MitreCVE-2009-3215

HistorySep 16, 2009 - 7:30 p.m.

CVE-2009-3215

2009-09-1619:30:00

CWE-89

mitre

web.nvd.nist.gov

cve-2009-3215

sql injection

ixxo cart standalone

joomla

nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.001

Percentile

37.5%

JSON

SQL injection vulnerability in IXXO Cart Standalone before 3.9.6.1, and the IXXO Cart component for Joomla! 1.0.x, allows remote attackers to execute arbitrary SQL commands via the parent parameter.

Affected configurations

Nvd

Node

php-shop-systemixxo_cart

AND

joomlajoomlaMatch1.0

joomlajoomlaMatch1.0.0

joomlajoomlaMatch1.0.1

joomlajoomlaMatch1.0.2

joomlajoomlaMatch1.0.3

joomlajoomlaMatch1.0.4

joomlajoomlaMatch1.0.5

joomlajoomlaMatch1.0.6

joomlajoomlaMatch1.0.7

joomlajoomlaMatch1.0.8

joomlajoomlaMatch1.0.9

joomlajoomlaMatch1.0.10

joomlajoomlaMatch1.0.11

joomlajoomlaMatch1.0.12

joomlajoomlaMatch1.0.13

joomlajoomlaMatch1.0.14

joomlajoomlaMatch1.03

joomlajoomlaMatch1.5

joomlajoomlaMatch1.5rc1

joomlajoomlaMatch1.5rc2

joomlajoomlaMatch1.5rc3

joomlajoomlaMatch1.5.0beta

joomlajoomlaMatch1.5.0beta1

joomlajoomlaMatch1.5.0beta2

joomlajoomlaMatch1.5.0rc1

joomlajoomlaMatch1.5.1

joomlajoomlaMatch1.5.2

joomlajoomlaMatch1.5.3

joomlajoomlaMatch1.5.4

joomlajoomlaMatch1.5.5

joomlajoomlaMatch1.5.6

joomlajoomlaMatch1.5.7

joomlajoomlaMatch1.5.8

joomlajoomlaMatch1.5.9

joomlajoomlaMatch1.5.10

joomlajoomlaMatch1.5rc4

joomlajoomlaMatch1.8.1

Node

php-shop-systemixxo_cartRange≤3.9.6.0standalone

VendorProductVersionCPE
php-shop-systemixxo_cart*cpe:2.3:a:php-shop-system:ixxo_cart:*:*:*:*:*:*:*:*
joomlajoomla1.0cpe:2.3:a:joomla:joomla:1.0:*:*:*:*:*:*:*
joomlajoomla1.0.0cpe:2.3:a:joomla:joomla:1.0.0:*:*:*:*:*:*:*
joomlajoomla1.0.1cpe:2.3:a:joomla:joomla:1.0.1:*:*:*:*:*:*:*
joomlajoomla1.0.2cpe:2.3:a:joomla:joomla:1.0.2:*:*:*:*:*:*:*
joomlajoomla1.0.3cpe:2.3:a:joomla:joomla:1.0.3:*:*:*:*:*:*:*
joomlajoomla1.0.4cpe:2.3:a:joomla:joomla:1.0.4:*:*:*:*:*:*:*
joomlajoomla1.0.5cpe:2.3:a:joomla:joomla:1.0.5:*:*:*:*:*:*:*
joomlajoomla1.0.6cpe:2.3:a:joomla:joomla:1.0.6:*:*:*:*:*:*:*
joomlajoomla1.0.7cpe:2.3:a:joomla:joomla:1.0.7:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
php-shop-system	ixxo_cart	*	cpe:2.3:a:php-shop-system:ixxo_cart::::::::
joomla	joomla	1.0	cpe:2.3:a:joomla:joomla:1.0:::::::*
joomla	joomla	1.0.0	cpe:2.3:a:joomla:joomla:1.0.0:::::::*
joomla	joomla	1.0.1	cpe:2.3:a:joomla:joomla:1.0.1:::::::*
joomla	joomla	1.0.2	cpe:2.3:a:joomla:joomla:1.0.2:::::::*
joomla	joomla	1.0.3	cpe:2.3:a:joomla:joomla:1.0.3:::::::*
joomla	joomla	1.0.4	cpe:2.3:a:joomla:joomla:1.0.4:::::::*
joomla	joomla	1.0.5	cpe:2.3:a:joomla:joomla:1.0.5:::::::*
joomla	joomla	1.0.6	cpe:2.3:a:joomla:joomla:1.0.6:::::::*
joomla	joomla	1.0.7	cpe:2.3:a:joomla:joomla:1.0.7:::::::*

Rows per page:

1-10 of 391

References

secunia.com/advisories/36009

www.davidsopas.com/2009/07/25/ixxo-cart-standalone-and-joomla-component-sql-injection/

www.exploit-db.com/exploits/9276

www.securityfocus.com/archive/1/505266/100/0/threaded

www.securityfocus.com/bid/35810

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

8.4

Confidence

Low

EPSS

0.001

Percentile

37.5%

JSON

Related for CVE-2009-3215