CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-0730

Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.003

EPSS Ranking 54.7%

CVSS Severity

CVSS v2 Score 6.8

References

http://www.securityfocus.com/archive/1/501174/100/0/threaded
http://www.securityfocus.com/archive/1/501175/100/0/threaded
http://www.securityfocus.com/archive/1/501176/100/0/threaded
http://www.securityfocus.com/bid/33859
http://www.securityfocus.com/bid/33863
https://exchange.xforce.ibmcloud.com/vulnerabilities/48865
http://www.securityfocus.com/archive/1/501174/100/0/threaded
http://www.securityfocus.com/archive/1/501175/100/0/threaded
http://www.securityfocus.com/archive/1/501176/100/0/threaded
http://www.securityfocus.com/bid/33859
http://www.securityfocus.com/bid/33863
https://exchange.xforce.ibmcloud.com/vulnerabilities/48865

Products affected by CVE-2009-0730

Gigcalendar » Com Gigcalendar » Version: 1.0

cpe:2.3:a:gigcalendar:com_gigcalendar:1.0
Joomla » Joomla » Version: Any

cpe:2.3:a:joomla:joomla:*
Mambo » Mambo » Version: Any

cpe:2.3:a:mambo:mambo:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-0730

Products

Pricing

Contact Us