Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2009-0402
Last Modified: 10 Feb 2009 02:00:17
Published: 03 Feb 2009 02:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-0402

Summary

SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters.

Vulnerable Systems

Application

  • Gplhost Domain Technologie Control 0.26.7

  • Gplhost Domain Technologie Control 0.26.8

  • Gplhost Domain Technologie Control 0.26.9

  • Gplhost Domain Technologie Control 0.27.3

  • Gplhost Domain Technologie Control 0.28.10

  • Gplhost Domain Technologie Control 0.28.2

  • Gplhost Domain Technologie Control 0.28.3

  • Gplhost Domain Technologie Control 0.29.1

  • Gplhost Domain Technologie Control 0.29.8


References

XF - domaintechnologie-newaccount-sql-injection(48292)

BID - 33496

SECUNIA - 33698

OSVDB - 51631

CONFIRM - http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=056e1d1849ff3aa183a410e2aab1c1c3e969247d

CONFIRM - http://freshmeat.net/projects/dtc/?branch_id=22759&release_id=292973


Last Updated: 27 May 2016 10:50:14