CVE-2009-3532

{"id": "CVE-2009-3532", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2009-10-02T19:30:00.343", "references": [{"url": "http://secunia.com/advisories/35821", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://www.osvdb.org/55825", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.packetstormsecurity.org/0907-advisories/DDIVRT-2009-26.txt", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/504869/100/0/threaded", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51686", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/35821", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.osvdb.org/55825", "tags": ["Exploit"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.packetstormsecurity.org/0907-advisories/DDIVRT-2009-26.txt", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/archive/1/504869/100/0/threaded", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/51686", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-89"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in login.asp (aka the login screen) in LogRover 2.3 and 2.3.3 on Windows allow remote attackers to execute arbitrary SQL commands via the (1) uname and (2) pword parameters. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidad de inyecci\u00f3n SQL en login.asp (como login screen) en LogRover v2.3 y v2.3.3 en Windows permiten a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de los par\u00e1metros (1) uname y (2) pword. NOTA: algunos de estos detalles han sido obtenidos a partir de informaci\u00f3n de terceros."}], "lastModified": "2024-11-21T01:07:35.670", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:logrover:logrover:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F418E0A6-86B0-437D-B791-37D001501126"}, {"criteria": "cpe:2.3:a:logrover:logrover:2.3.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0062A0DF-24F8-4F5E-898D-DAA0A8D6FF56"}], "operator": "OR"}, {"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:microsoft:windows:*:*:*:*:*:*:*:*", "vulnerable": false, "matchCriteriaId": "2CF61F35-5905-4BA9-AD7E-7DB261D2F256"}], "operator": "OR"}], "operator": "AND"}], "sourceIdentifier": "cve@mitre.org"}