CVE-2009-3313

Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote attackers to execute arbitrary SQL commands via the comp parameter to (1) index.php and (2) editComments.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the id parameter in a comment action to edit.php.

CVSS v2.0 6.5 MEDIUM

6.5^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:S/C:P/I:P/A:P

Exploitability : 8.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication SINGLE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://osvdb.org/58182
http://osvdb.org/58183
http://osvdb.org/58184
http://secunia.com/advisories/36778	Vendor Advisory
http://www.exploit-db.com/exploits/9711
https://exchange.xforce.ibmcloud.com/vulnerabilities/53329
https://exchange.xforce.ibmcloud.com/vulnerabilities/53330

Configurations

Configuration 1 (hide)

cpe:2.3:a:fmyclone:fmyclone:2.3:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-09-23 12:08

Updated : 2017-09-19 01:29

NVD link : CVE-2009-3313

Mitre link : CVE-2009-3313

CVE.ORG link : CVE-2009-3313

JSON object : View

Products Affected

fmyclone

fmyclone

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

{"id": "CVE-2009-3313", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 6.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:S/C:P/I:P/A:P", "authentication": "SINGLE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 8.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-09-23T12:08:35.233", "references": [{"url": "http://osvdb.org/58182", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/58183", "source": "cve@mitre.org"}, {"url": "http://osvdb.org/58184", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/36778", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.exploit-db.com/exploits/9711", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53329", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/53330", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in FMyClone 2.3 allow remote attackers to execute arbitrary SQL commands via the comp parameter to (1) index.php and (2) editComments.php, and (3) allow remote authenticated administrators to execute arbitrary SQL commands via the id parameter in a comment action to edit.php."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en FMyClone v2.3, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"comp\" a (1) index.php y (2) editComments.php, y (3) permite a administradores autenticados ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s del par\u00e1metro \"id\" en una acci\u00f3n \"comment\" a edit.php."}], "lastModified": "2017-09-19T01:29:33.343", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:fmyclone:fmyclone:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1527AFC-08E0-4205-8C8E-00E5789A1D5B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}