Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-3148

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2009-3148
Last Modified 10 Sep 2009 12:00:00
Published 10 Sep 2009 02:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-3148

Summary

Multiple SQL injection vulnerabilities in PortalXP Teacher Edition 1.2 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) calendar.php, (2) news.php, and (3) links.php; and the (4) assignment_id parameter to assignments.php.

Vulnerable Systems

Application

  • Portalxp 1.2


References

MILW0RM - 9325


Last Updated: 27 May 2016 10:51:08