Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-3337

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2009-3337
Last Modified 20 Dec 2011 12:00:00
Published 24 Sep 2009 12:30:01
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2009-3337

Summary

SQL injection vulnerability in the Freetag (serendipity_event_freetag) plugin before 3.09 for Serendipity (S9Y) allows remote attackers to execute arbitrary SQL commands via an unspecified parameter associated with Meta keywords in a blog entry.

Vulnerable Systems

Application

  • S9y Serendipity Freetag-plugin 2.103

  • S9y Serendipity Freetag-plugin 2.105

  • S9y Serendipity Freetag-plugin 2.44

  • S9y Serendipity Freetag-plugin 2.47

  • S9y Serendipity Freetag-plugin 2.5

  • S9y Serendipity Freetag-plugin 2.51

  • S9y Serendipity Freetag-plugin 2.64

  • S9y Serendipity Freetag-plugin 2.70

  • S9y Serendipity Freetag-plugin 2.88%2f2.41

  • S9y Serendipity Freetag-plugin 2.88%2f2.42

  • S9y Serendipity Freetag-plugin 2.88%2f2.43

  • S9y Serendipity Freetag-plugin 2.88%2f2.44

  • S9y Serendipity Freetag-plugin 2.95

  • S9y Serendipity Freetag-plugin 2.96

  • S9y Serendipity Freetag-plugin 2.97

  • S9y Serendipity Freetag-plugin 3.0

  • S9y Serendipity Freetag-plugin 3.01

  • S9y Serendipity Freetag-plugin 3.02

  • S9y Serendipity Freetag-plugin 3.03

  • S9y Serendipity Freetag-plugin 3.04

  • S9y Serendipity Freetag-plugin 3.05

  • S9y Serendipity Freetag-plugin 3.06

  • S9y Serendipity Freetag-plugin 3.07


References

BID - 36376

SECUNIA - 36706

CONFIRM - http://blog.s9y.org/archives/210-Security-update-for-Freetag-Plugin.html


Last Updated: 27 May 2016 10:51:12