Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score 7.5
CVE Id CVE-2009-1245
Last Modified 06 Apr 2009 12:00:00
Published 06 Apr 2009 12:30:00
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-1245

Summary

Multiple SQL injection vulnerabilities in the insert_to_pastebin function in php/cccp-admin/inc/functions.php in CCCP Community Clan Portal Pastebin before 2.80 allow remote attackers to execute arbitrary SQL commands via the (1) subject, (2) language, and (3) nickname parameters to php/cccp-pages/submit.php. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Cccp-common-clan-portal-pasterbin Cccp Pastebin 2.10

  • Cccp-common-clan-portal-pasterbin Cccp Pastebin 2.20

  • Cccp-common-clan-portal-pasterbin Cccp Pastebin 2.30

  • Cccp-common-clan-portal-pasterbin Cccp Pastebin 2.40

  • Cccp-common-clan-portal-pasterbin Cccp Pastebin 2.50

  • Cccp-common-clan-portal-pasterbin Cccp Pastebin 2.60

  • Cccp-common-clan-portal-pasterbin Cccp Pastebin 2.70


References

CONFIRM - http://jcsfog.cvs.sourceforge.net/viewvc/jcsfog/CCCP-Pastebin/php/cccp-admin/inc/functions.php?r1=1.10&r2=1.11

XF - communitycode-submit-sql-injection(49426)

BID - 34264

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=670960

SECUNIA - 34474


Last Updated: 27 May 2016 10:50:30