Lucene search

[email protected]CVE-2009-4798

HistoryApr 22, 2010 - 2:30 p.m.

CVE-2009-4798

2010-04-2214:30:00

CWE-89

[email protected]

web.nvd.nist.gov

"cve-2009-4798

diskos cms

sql injection

remote attack

arbitrary commands"

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.9%

JSON

Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields to the administration login feature.

Affected configurations

NVD

Node

diskosdiskos_cmsMatch6

CPENameOperatorVersion
diskos:diskos_cmsdiskos diskos cmseq6

CPE	Name	Operator	Version
diskos:diskos_cms	diskos diskos cms	eq	6

References

secunia.com/advisories/34540

www.exploit-db.com/exploits/8307

www.securityfocus.com/bid/34289

exchange.xforce.ibmcloud.com/vulnerabilities/49509

exchange.xforce.ibmcloud.com/vulnerabilities/49510

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

54.9%

JSON

Related for CVE-2009-4798

nvd1 prion1 cvelist1