Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 7.5
CVE Id: CVE-2009-0963
Last Modified: 01 Apr 2009 01:43:15
Published: 19 Mar 2009 06:30:00
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2009-0963

Summary

Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php.

Vulnerable Systems

Application

  • Xlinesoft PHPRunner 3.1
  • Xlinesoft PHPRunner 4.2


References

XF - phprunner-searchfield-sql-injection(49278)

VUPEN - ADV-2009-0750

BID - 34146

BUGTRAQ - 20090317 PHPRunner SQL Injection

MILW0RM - 8226

MISC - http://www.bugreport.ir/index_63.htm

SECUNIA - 34330

OSVDB - 52801

OSVDB - 52800

OSVDB - 52799

OSVDB - 52798


Last Updated: 27 May 2016 10:50:26