Vulnerability Details CVE-2009-2894
Multiple SQL injection vulnerabilities in Ebay Clone 2009 allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to product_desc.php, and the cid parameter to (2) showcategory.php and (3) gallery.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.011
EPSS Ranking 77.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/56265
- http://osvdb.org/56266
- http://osvdb.org/56268
- http://packetstormsecurity.org/0907-exploits/clone2009-sql.txt
- http://secunia.com/advisories/35952
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51956
- http://osvdb.org/56265
- http://osvdb.org/56266
- http://osvdb.org/56268
- http://packetstormsecurity.org/0907-exploits/clone2009-sql.txt
- http://secunia.com/advisories/35952
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51956
Products affected by CVE-2009-2894
-
cpe:2.3:a:clone2009:ebay_clone:2009