Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-0711

Overview

Vulnerability Score 5.0 5.0
CVE Id CVE-2009-0711
Last Modified 23 Jun 2009 01:51:06
Published 23 Feb 2009 10:30:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-0711

Summary

filter.php in PHPFootball 1.6 and earlier allows remote attackers to retrieve password hashes via a request with an Accounts value for the dbtable parameter, in conjunction with a Password value for the dbfield parameter. NOTE: this has been reported as a SQL injection vulnerability by some sources, but the provenance of that information is unknown.

Vulnerable Systems

Application

  • Vlad Alexa Mancini Phpfootball 1.5

  • Vlad Alexa Mancini Phpfootball 1.6


References

OSVDB - 51102

MILW0RM - 7636

SECUNIA - 33367


Last Updated: 27 May 2016 10:50:20