CVE-2009-0405 - OpenCVE

SQL injection vulnerability in articles.php in smartSite CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the var parameter.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Smartsitecms	Smartsitecms

Configuration 1 [-]

cpe:2.3:a:smartsitecms:smartsitecms:1.0:*:*:*:*:*:*:*

References

Link	Resource
http://www.securityfocus.com/bid/33497	Exploit
https://exchange.xforce.ibmcloud.com/vulnerabilities/48321
https://www.exploit-db.com/exploits/7901

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2009-02-03T19:00:00

Updated: 2017-09-28T12:57:01

Reserved: 2009-02-03T00:00:00

Link: CVE-2009-0405

JSON object: View

NVD Information

Status : Modified

Published: 2009-02-03T19:30:00.467

Modified: 2017-09-29T01:33:48.327

Link: CVE-2009-0405

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-01-28T00:00:00", "descriptions": [{"lang": "en", "value": "SQL injection vulnerability in articles.php in smartSite CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the var parameter."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "smartsitecms-articles-sql-injection(48321)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48321"}, {"name": "7901", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/7901"}, {"name": "33497", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33497"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0405", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "SQL injection vulnerability in articles.php in smartSite CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the var parameter."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "smartsitecms-articles-sql-injection(48321)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48321"}, {"name": "7901", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7901"}, {"name": "33497", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33497"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0405", "datePublished": "2009-02-03T19:00:00", "dateReserved": "2009-02-03T00:00:00", "dateUpdated": "2017-09-28T12:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}