CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-3118

SQL injection vulnerability in mod/poll/comment.php in the vote module in Danneo CMS 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the comtext parameter, in conjunction with crafted comname and comtitle parameters, in a poll action to index.php, related to incorrect input sanitization in base/danneo.function.php.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 61.0%

CVSS Severity

CVSS v2 Score 7.5

References

http://packetstormsecurity.org/0908-exploits/danneo052-sql.txt
http://secunia.com/advisories/36440
http://www.vupen.com/english/advisories/2009/2459
http://packetstormsecurity.org/0908-exploits/danneo052-sql.txt
http://secunia.com/advisories/36440
http://www.vupen.com/english/advisories/2009/2459

Products affected by CVE-2009-3118

Danneo » Cms » Version: Any

cpe:2.3:a:danneo:cms:*
Danneo » Cms » Version: 0.5

cpe:2.3:a:danneo:cms:0.5
Danneo » Cms » Version: 0.5.1

cpe:2.3:a:danneo:cms:0.5.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-3118

Products

Pricing

Contact Us