Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2366

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2009-2366
Last Modified 08 Jul 2009 12:00:00
Published 08 Jul 2009 11:30:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2366

Summary

SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Datachecknh Forumpal 1.5

  • Datachecknh Forumpal Fe 1.1


References

XF - datacheck-login-sql-injection(51403)

OSVDB - 55497

OSVDB - 55496

MILW0RM - 9024

SECUNIA - 35603

SECUNIA - 35589


Last Updated: 27 May 2016 10:50:52