CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-3505

SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. NOTE: the game_id vector is already covered by CVE-2008-4460.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 60.1%

CVSS Severity

CVSS v2 Score 7.5

References

http://packetstormsecurity.org/0909-exploits/mmorpgzone-sql.txt
http://www.securityfocus.com/bid/36483
http://www.vupen.com/english/advisories/2009/2734
https://exchange.xforce.ibmcloud.com/vulnerabilities/53436
http://packetstormsecurity.org/0909-exploits/mmorpgzone-sql.txt
http://www.securityfocus.com/bid/36483
http://www.vupen.com/english/advisories/2009/2734
https://exchange.xforce.ibmcloud.com/vulnerabilities/53436

Products affected by CVE-2009-3505

Vastal » Mmorpg Zone » Version: Any

cpe:2.3:a:vastal:mmorpg_zone:*

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-3505

Products

Pricing

Contact Us