Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2009-3418


Vulnerability Score 6.5 6.5
CVE Id CVE-2009-3418
Last Modified 10 Nov 2011 12:00:00
Published 25 Sep 2009 06:30:09
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE



Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_link action to manager/tools.php. NOTE: some of these details are obtained from third party information.

Vulnerable Systems


  • Plume-cms Plume Cms 1.2.3



SECUNIA - 36277

Last Updated: 27 May 2016 10:51:15