Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0672

Overview

Vulnerability Score 6.5 6.5
CVE Id CVE-2009-0672
Last Modified 09 Jun 2009 01:32:48
Published 22 Feb 2009 05:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2009-0672

Summary

SQL injection vulnerability in the Resend_Email module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary SQL commands via the user_prefix parameter to modules.php.

Vulnerable Systems

Application

  • Ravenphpscripts Ravennuke 2.30


References

BID - 33787

XF - ravennuke-modules-sql-injection(48791)

MISC - http://www.waraxe.us/advisory-72.html

BUGTRAQ - 20090216 [waraxe-2009-SA#072] - Multiple Vulnerabilities in RavenNuke 2.3.0

MILW0RM - 8068

CONFIRM - http://ravenphpscripts.com/postt17156.html

OSVDB - 52298


Last Updated: 27 May 2016 10:50:20