Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2439

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2009-2439
Last Modified 13 Feb 2010 12:00:00
Published 13 Jul 2009 10:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2439

Summary

Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by a third party; it is not associated with alibaba.com or the Alibaba Group.

Vulnerable Systems

Application

  • Web Development House Alibaba Clone


References

VUPEN - ADV-2009-1838

SECUNIA - 35741

MISC - http://packetstormsecurity.org/0907-exploits/alibabaclone-sql.txt


Last Updated: 27 May 2016 10:50:54