Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 6.5
CVE Id CVE-2009-3418
Last Modified 10 Nov 2011 12:00:00
Published 25 Sep 2009 06:30:09
Confidentiality Impact PARTIAL
Integrity Impact PARTIAL
Availability Impact PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication SINGLE_INSTANCE

CVE-2009-3418

Summary

Multiple SQL injection vulnerabilities in Plume CMS 1.2.3 allow (1) remote authenticated users to execute arbitrary SQL commands via the m parameter to manager/index.php and (2) remote authenticated administrators to execute arbitrary SQL commands via the id parameter in an edit_link action to manager/tools.php. NOTE: some of these details are obtained from third party information.

Vulnerable Systems

Application

  • Plume-cms Plume Cms 1.2.3


References

MISC - http://www.senseofsecurity.com.au/advisories/SOS-09-006.pdf

SECUNIA - 36277


Last Updated: 27 May 2016 10:51:15