CVE-2009-4084

SQL injection vulnerability in the search feature in e107 0.7.16 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://blog.bkis.com/e107-multiple-vulnerabilities/
http://www.securityfocus.com/archive/1/508007/100/0/threaded
http://www.securityfocus.com/bid/37087
https://exchange.xforce.ibmcloud.com/vulnerabilities/54373
http://blog.bkis.com/e107-multiple-vulnerabilities/
http://www.securityfocus.com/archive/1/508007/100/0/threaded
http://www.securityfocus.com/bid/37087
https://exchange.xforce.ibmcloud.com/vulnerabilities/54373

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:e107:e107::::::::
	cpe:2.3:a:e107:e107:0.6_10:::::::*
	cpe:2.3:a:e107:e107:0.6_11:::::::*
	cpe:2.3:a:e107:e107:0.6_12:::::::*
	cpe:2.3:a:e107:e107:0.6_13:::::::*
	cpe:2.3:a:e107:e107:0.6_14:::::::*
	cpe:2.3:a:e107:e107:0.6_15:::::::*
	cpe:2.3:a:e107:e107:0.6_15a:::::::*
	cpe:2.3:a:e107:e107:0.7:::::::*
	cpe:2.3:a:e107:e107:0.7.1:::::::*
	cpe:2.3:a:e107:e107:0.7.2:::::::*
	cpe:2.3:a:e107:e107:0.7.3:::::::*
	cpe:2.3:a:e107:e107:0.7.4:::::::*
	cpe:2.3:a:e107:e107:0.7.5:::::::*
	cpe:2.3:a:e107:e107:0.7.6:::::::*
	cpe:2.3:a:e107:e107:0.7.7:::::::*
	cpe:2.3:a:e107:e107:0.7.8:::::::*
	cpe:2.3:a:e107:e107:0.7.9:::::::*
	cpe:2.3:a:e107:e107:0.7.10:::::::*
	cpe:2.3:a:e107:e107:0.7.11:::::::*
	cpe:2.3:a:e107:e107:0.7.12:::::::*
	cpe:2.3:a:e107:e107:0.7.13:::::::*
	cpe:2.3:a:e107:e107:0.7.14:::::::*
	cpe:2.3:a:e107:e107:0.7.15:::::::*
	cpe:2.3:a:e107:e107:0.545:::::::*
	cpe:2.3:a:e107:e107:0.547_beta:::::::*
	cpe:2.3:a:e107:e107:0.548_beta:::::::*
	cpe:2.3:a:e107:e107:0.549_beta:::::::*
	cpe:2.3:a:e107:e107:0.551_beta:::::::*
	cpe:2.3:a:e107:e107:0.552_beta:::::::*
	cpe:2.3:a:e107:e107:0.553_beta:::::::*
	cpe:2.3:a:e107:e107:0.554:::::::*
	cpe:2.3:a:e107:e107:0.554_beta:::::::*
	cpe:2.3:a:e107:e107:0.555_beta:::::::*
	cpe:2.3:a:e107:e107:0.600:::::::*
	cpe:2.3:a:e107:e107:0.601:::::::*
	cpe:2.3:a:e107:e107:0.602:::::::*
	cpe:2.3:a:e107:e107:0.603:::::::*
	cpe:2.3:a:e107:e107:0.604:::::::*
	cpe:2.3:a:e107:e107:0.605:::::::*
	cpe:2.3:a:e107:e107:0.606:::::::*
	cpe:2.3:a:e107:e107:0.607:::::::*
	cpe:2.3:a:e107:e107:0.608:::::::*
	cpe:2.3:a:e107:e107:0.609:::::::*
	cpe:2.3:a:e107:e107:0.610:::::::*
	cpe:2.3:a:e107:e107:0.611:::::::*
	cpe:2.3:a:e107:e107:0.612:::::::*
	cpe:2.3:a:e107:e107:0.613:::::::*
	cpe:2.3:a:e107:e107:0.614:::::::*
	cpe:2.3:a:e107:e107:0.615:::::::*
	cpe:2.3:a:e107:e107:0.615a:::::::*
	cpe:2.3:a:e107:e107:0.616:::::::*
	cpe:2.3:a:e107:e107:0.617:::::::*
	cpe:2.3:a:e107:e107:0.6171:::::::*
	cpe:2.3:a:e107:e107:0.6172:::::::*
	cpe:2.3:a:e107:e107:0.6173:::::::*
	cpe:2.3:a:e107:e107:0.6174:::::::*
	cpe:2.3:a:e107:e107:0.6175:::::::*

History

21 Nov 2024, 01:08

Type	Values Removed	Values Added
References	~~() http://blog.bkis.com/e107-multiple-vulnerabilities/ -~~	() http://blog.bkis.com/e107-multiple-vulnerabilities/ -
References	~~() http://www.securityfocus.com/archive/1/508007/100/0/threaded -~~	() http://www.securityfocus.com/archive/1/508007/100/0/threaded -
References	~~() http://www.securityfocus.com/bid/37087 -~~	() http://www.securityfocus.com/bid/37087 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/54373 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/54373 -

Information

Published : 2009-11-29 13:07

Updated : 2024-11-21 01:08

NVD link : CVE-2009-4084

Mitre link : CVE-2009-4084

CVE.ORG link : CVE-2009-4084

JSON object : View

Products Affected

e107

e107

CWE

CWE-89

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')

7.5 /10