CVE-2009-2345 - OpenCVE

Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 allow remote attackers to execute arbitrary SQL commands via unknown parameters to the gbook module and unspecified other components.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Clansphere	Clansphere

Configuration 1 [-]

OR	cpe:2.3:a:clansphere:clansphere::::::::
	cpe:2.3:a:clansphere:clansphere:2007.4:::::::*
	cpe:2.3:a:clansphere:clansphere:2007.4.1:::::::*
	cpe:2.3:a:clansphere:clansphere:2007.4.2:::::::*
	cpe:2.3:a:clansphere:clansphere:2007.4.3:::::::*
	cpe:2.3:a:clansphere:clansphere:2007.4.4:::::::*
	cpe:2.3:a:clansphere:clansphere:2008:::::::*
	cpe:2.3:a:clansphere:clansphere:2008.1:::::::*
	cpe:2.3:a:clansphere:clansphere:2008.2:::::::*
	cpe:2.3:a:clansphere:clansphere:2008.2.1:::::::*
	cpe:2.3:a:clansphere:clansphere:2009.0:rc1::::::
	cpe:2.3:a:clansphere:clansphere:2009.0:rc2::::::
	cpe:2.3:a:clansphere:clansphere:2009.0:rc3::::::

References

Link	Resource
http://secunia.com/advisories/35694	Vendor Advisory
http://www.clansphere.net/index/news/view/id/405/
http://www.securityfocus.com/bid/35576	Patch
http://www.vupen.com/english/advisories/2009/1794	Patch Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2022-10-03T16:24:06

Updated: 2022-10-03T16:24:06

Reserved: 2022-10-03T00:00:00

Link: CVE-2009-2345

JSON object: View

NVD Information

Status : Analyzed

Published: 2009-07-07T19:30:00.313

Modified: 2009-07-08T04:00:00.000

Link: CVE-2009-2345

JSON object: View

Redhat Information

No data.

CWE

CWE-89

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 allow remote attackers to execute arbitrary SQL commands via unknown parameters to the gbook module and unspecified other components."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2022-10-03T16:24:06", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.clansphere.net/index/news/view/id/405/"}, {"name": "ADV-2009-1794", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1794"}, {"name": "35576", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35576"}, {"name": "35694", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35694"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2345", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 allow remote attackers to execute arbitrary SQL commands via unknown parameters to the gbook module and unspecified other components."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.clansphere.net/index/news/view/id/405/", "refsource": "CONFIRM", "url": "http://www.clansphere.net/index/news/view/id/405/"}, {"name": "ADV-2009-1794", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1794"}, {"name": "35576", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35576"}, {"name": "35694", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35694"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2345", "datePublished": "2022-10-03T16:24:06", "dateReserved": "2022-10-03T00:00:00", "dateUpdated": "2022-10-03T16:24:06", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:clansphere:clansphere:*:*:*:*:*:*:*:*", "matchCriteriaId": "9D37828F-460B-45A0-A9BB-2ED8ACF78A4D", "versionEndIncluding": "2009.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:clansphere:clansphere:2007.4:*:*:*:*:*:*:*", "matchCriteriaId": "3B498CF2-0ED8-497E-9375-5C7E31941095", "vulnerable": true}, {"criteria": "cpe:2.3:a:clansphere:clansphere:2007.4.1:*:*:*:*:*:*:*", "matchCriteriaId": "91ED323B-9626-46F5-AFA9-98C3705A502F", "vulnerable": true}, {"criteria": "cpe:2.3:a:clansphere:clansphere:2007.4.2:*:*:*:*:*:*:*", "matchCriteriaId": "5036F226-B242-485D-95F9-3A4218AC4C02", "vulnerable": true}, {"criteria": "cpe:2.3:a:clansphere:clansphere:2007.4.3:*:*:*:*:*:*:*", "matchCriteriaId": "5C8E2F6F-2A34-4335-93FA-5EB054BFEAB3", "vulnerable": true}, {"criteria": "cpe:2.3:a:clansphere:clansphere:2007.4.4:*:*:*:*:*:*:*", "matchCriteriaId": "A2C73C22-D21C-4BAF-B945-C83F08D56AC6", "vulnerable": true}, {"criteria": "cpe:2.3:a:clansphere:clansphere:2008:*:*:*:*:*:*:*", "matchCriteriaId": "5FC5B7AF-964C-412B-8CE2-17B03AC34026", "vulnerable": true}, {"criteria": "cpe:2.3:a:clansphere:clansphere:2008.1:*:*:*:*:*:*:*", "matchCriteriaId": "22458DE4-F715-4ECE-9FF1-08F0AC430C80", "vulnerable": true}, {"criteria": "cpe:2.3:a:clansphere:clansphere:2008.2:*:*:*:*:*:*:*", "matchCriteriaId": "E5A55ADA-F556-4C25-8415-208E9E68ACCF", "vulnerable": true}, {"criteria": "cpe:2.3:a:clansphere:clansphere:2008.2.1:*:*:*:*:*:*:*", "matchCriteriaId": "30B73D07-06C5-4466-8157-82DE5304E7F6", "vulnerable": true}, {"criteria": "cpe:2.3:a:clansphere:clansphere:2009.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "96F6E5E6-C61A-411C-B179-E301DF4AB7F0", "vulnerable": true}, {"criteria": "cpe:2.3:a:clansphere:clansphere:2009.0:rc2:*:*:*:*:*:*", "matchCriteriaId": "A3E469F4-FC52-4151-AB6F-F41B3E0BA72E", "vulnerable": true}, {"criteria": "cpe:2.3:a:clansphere:clansphere:2009.0:rc3:*:*:*:*:*:*", "matchCriteriaId": "D85C9E29-3771-4BEF-BDBD-09933D7F8087", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in ClanSphere before 2009.0.1 allow remote attackers to execute arbitrary SQL commands via unknown parameters to the gbook module and unspecified other components."}, {"lang": "es", "value": "Multiples vulnerabilidades tipo inyecci\u00f3n SQL en versiones de ClanSphere anteriores a v.2009.0.1 permiten a atacantes remotos ejecutar comandos SQL a su elecci\u00f3n a trav\u00e9s de par\u00e1metros no especificados al m\u00f3dulo gbook y otros componentes."}], "id": "CVE-2009-2345", "lastModified": "2009-07-08T04:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-07-07T19:30:00.313", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35694"}, {"source": "cve@mitre.org", "url": "http://www.clansphere.net/index/news/view/id/405/"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/35576"}, {"source": "cve@mitre.org", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1794"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}