Vulnerability Details CVE-2009-0287
SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before 2.5.1 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 63.1%
CVSS Severity
CVSS v2 Score 7.5
References
- http://keeptoolkit.svn.sourceforge.net/viewvc/keeptoolkit?view=rev&revision=56
- http://osvdb.org/51623
- http://secunia.com/advisories/33652
- http://sourceforge.net/project/shownotes.php?release_id=655845&group_id=227492
- http://www.securityfocus.com/bid/33425
- http://keeptoolkit.svn.sourceforge.net/viewvc/keeptoolkit?view=rev&revision=56
- http://osvdb.org/51623
- http://secunia.com/advisories/33652
- http://sourceforge.net/project/shownotes.php?release_id=655845&group_id=227492
- http://www.securityfocus.com/bid/33425
Products affected by CVE-2009-0287
-
cpe:2.3:a:keep_toolkit:keep_toolkit:*
-
cpe:2.3:a:keep_toolkit:keep_toolkit:2.1