Vulnerability Details CVE-2009-4796
Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.007
EPSS Ranking 71.9%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/52984
- http://secunia.com/advisories/34519
- http://www.exploit-db.com/exploits/8302
- http://www.glfusion.org/article.php/security_20090329
- http://www.securityfocus.com/archive/1/502260/100/0/threaded
- http://www.securityfocus.com/bid/34281
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49498
- http://osvdb.org/52984
- http://secunia.com/advisories/34519
- http://www.exploit-db.com/exploits/8302
- http://www.glfusion.org/article.php/security_20090329
- http://www.securityfocus.com/archive/1/502260/100/0/threaded
- http://www.securityfocus.com/bid/34281
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49498
Products affected by CVE-2009-4796
-
cpe:2.3:a:glfusion:glfusion:1.0.0
-
cpe:2.3:a:glfusion:glfusion:1.0.1
-
cpe:2.3:a:glfusion:glfusion:1.0.2
-
cpe:2.3:a:glfusion:glfusion:1.1.0
-
cpe:2.3:a:glfusion:glfusion:1.1.1
-
cpe:2.3:a:glfusion:glfusion:1.1.2