Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0380

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2009-0380
Last Modified 02 Feb 2009 12:00:00
Published 02 Feb 2009 02:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0380

Summary

** DISPUTED ** SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2.

Vulnerable Systems

Application

  • Sigsiu.net Sobi2 2.8.2


References

XF - sobi2-bid-sql-injection(48131)

BID - 33378

MILW0RM - 7841

VIM - 20090130 SOBI2 showbiz SQL injection - false, or site-specific


Last Updated: 27 May 2016 10:50:14