Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-2921

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2009-2921
Last Modified 21 Aug 2009 12:00:00
Published 21 Aug 2009 07:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-2921

Summary

Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field).

Vulnerable Systems

Application

  • Mocdesigns Php News 1.1


References

XF - phpnews-login-sql-injection(52231)

VUPEN - ADV-2009-2161

MILW0RM - 9353


Last Updated: 27 May 2016 10:51:04