Computer Security
[EN] securityvulns.ru



CVE: CVE-2009-2579
Status: UNKNOWN
Description: SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.
Severity: Medium
CVSS score: 6,5
CVSS vector: (AV:N/AC:L/Au:S/C:P/I:P/A:P)
Phase: ASSIGNED (10.09.2009)
NVD: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-2579
References: BID : 35936
 BUGTRAQ : 20090804 [BONSAI] SQL Injection in CS-Cart
 CONFIRM : http://www.cs-cart.com/changelog206.html
 MISC : http://www.bonsai-sec.com/research/vulnerabilities...
 SECUNIA : 36112
SecurityVulns: Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


