Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-1027

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2009-1027
Last Modified 02 Apr 2009 01:45:37
Published 19 Mar 2009 08:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1027

Summary

SQL injection vulnerability in OpenCart 1.1.8 allows remote attackers to execute arbitrary SQL commands via the order parameter.

Vulnerable Systems

Application

  • Opencart 1.1.8


References

XF - opencart-order-sql-injection(49262)

BID - 34121

BUGTRAQ - 20090316 NGENUITY-2009-005 OpenCart Order By Blind SQL Injection

MISC - http://www.ngenuity.org/wordpress/2009/03/10/ngenuity-2009-005-opencart-order-by-blind-sql-injection/

SECUNIA - 34313


Last Updated: 27 May 2016 10:50:26