Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2337

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2009-2337
Last Modified 07 Jul 2009 12:00:00
Published 07 Jul 2009 03:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2009-2337

Summary

SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the spam_id parameter.

Vulnerable Systems

Application

  • W3bcms Gaestebuch Guestbook Module 3.0.0


References

OSVDB - 53614

XF - guestbookmodule-indexinc-sql-injection(49853)

BID - 34477

MILW0RM - 8396

SECUNIA - 34650


Last Updated: 27 May 2016 10:50:52