Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-3042

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2009-3042
Last Modified 02 Sep 2009 12:00:00
Published 01 Sep 2009 02:30:04
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-3042

Summary

SQL injection vulnerability in machine.php in Open Computer and Software (OCS) Inventory NG 1.02.1 allows remote attackers to execute arbitrary SQL commands via the systemid parameter, a different vector than CVE-2009-3040.

Vulnerable Systems

Application

  • Ocsinventory-ng Ocs Inventory Ng 1.02.1


References

CONFIRM - http://www.ocsinventory-ng.org/index.php?mact=News,cntnt01,detail,0&cntnt01articleid=147&cntnt01returnid=15

BUGTRAQ - 20090811 Sql injection in OCS Inventory NG Server 1.2.1

MILW0RM - 9416

SECUNIA - 35311


Last Updated: 27 May 2016 10:51:06