Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-3252

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2009-3252
Last Modified 21 Sep 2009 12:00:00
Published 18 Sep 2009 04:30:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-3252

Summary

Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters.

Vulnerable Systems

Application

  • Dave Robinson Rockbandcms 0.10


References

XF - bandcms-news-sql-injection(52940)

VUPEN - ADV-2009-2494

MILW0RM - 9553

SECUNIA - 36517


Last Updated: 27 May 2016 10:51:11