Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2012-0868

Summary
Assigner-redhat
Assigner Org ID-53f830b8-0a3f-465b-8143-3b8a9948e749
Published At-18 Jul, 2012 | 23:00
Updated At-06 Aug, 2024 | 18:38
Rejected At-
Credits

CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:redhat
Assigner Org ID:53f830b8-0a3f-465b-8143-3b8a9948e749
Published At:18 Jul, 2012 | 23:00
Updated At:06 Aug, 2024 | 18:38
Rejected At:
▼CVE Numbering Authority (CNA)

CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.

Affected Products
Vendor
n/a
Product
n/a
Versions
Affected
  • n/a
Problem Types
TypeCWE IDDescription
textN/An/a
Type: text
CWE ID: N/A
Description: n/a
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.postgresql.org/about/news/1377/
x_refsource_CONFIRM
http://www.mandriva.com/security/advisories?name=MDVSA-2012:027
vendor-advisory
x_refsource_MANDRIVA
http://secunia.com/advisories/49273
third-party-advisory
x_refsource_SECUNIA
http://rhn.redhat.com/errata/RHSA-2012-0678.html
vendor-advisory
x_refsource_REDHAT
http://www.mandriva.com/security/advisories?name=MDVSA-2012:026
vendor-advisory
x_refsource_MANDRIVA
http://www.postgresql.org/docs/9.0/static/release-9-0-7.html
x_refsource_CONFIRM
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
x_refsource_CONFIRM
http://www.postgresql.org/docs/8.4/static/release-8-4-11.html
x_refsource_CONFIRM
http://www.debian.org/security/2012/dsa-2418
vendor-advisory
x_refsource_DEBIAN
http://www.postgresql.org/docs/8.3/static/release-8-3-18.html
x_refsource_CONFIRM
http://secunia.com/advisories/49272
third-party-advisory
x_refsource_SECUNIA
http://www.postgresql.org/docs/9.1/static/release-9-1-3.html
x_refsource_CONFIRM
http://rhn.redhat.com/errata/RHSA-2012-0677.html
vendor-advisory
x_refsource_REDHAT
http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html
vendor-advisory
x_refsource_SUSE
Hyperlink: http://www.postgresql.org/about/news/1377/
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:027
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://secunia.com/advisories/49273
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0678.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:026
Resource:
vendor-advisory
x_refsource_MANDRIVA
Hyperlink: http://www.postgresql.org/docs/9.0/static/release-9-0-7.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.postgresql.org/docs/8.4/static/release-8-4-11.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://www.debian.org/security/2012/dsa-2418
Resource:
vendor-advisory
x_refsource_DEBIAN
Hyperlink: http://www.postgresql.org/docs/8.3/static/release-8-3-18.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://secunia.com/advisories/49272
Resource:
third-party-advisory
x_refsource_SECUNIA
Hyperlink: http://www.postgresql.org/docs/9.1/static/release-9-1-3.html
Resource:
x_refsource_CONFIRM
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0677.html
Resource:
vendor-advisory
x_refsource_REDHAT
Hyperlink: http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html
Resource:
vendor-advisory
x_refsource_SUSE
▼Authorized Data Publishers (ADP)
CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions
Configurations
Workarounds
Exploits
Credits
Timeline
EventDate
Replaced By
Rejected Reason
References
HyperlinkResource
http://www.postgresql.org/about/news/1377/
x_refsource_CONFIRM
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2012:027
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://secunia.com/advisories/49273
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-0678.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://www.mandriva.com/security/advisories?name=MDVSA-2012:026
vendor-advisory
x_refsource_MANDRIVA
x_transferred
http://www.postgresql.org/docs/9.0/static/release-9-0-7.html
x_refsource_CONFIRM
x_transferred
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
x_refsource_CONFIRM
x_transferred
http://www.postgresql.org/docs/8.4/static/release-8-4-11.html
x_refsource_CONFIRM
x_transferred
http://www.debian.org/security/2012/dsa-2418
vendor-advisory
x_refsource_DEBIAN
x_transferred
http://www.postgresql.org/docs/8.3/static/release-8-3-18.html
x_refsource_CONFIRM
x_transferred
http://secunia.com/advisories/49272
third-party-advisory
x_refsource_SECUNIA
x_transferred
http://www.postgresql.org/docs/9.1/static/release-9-1-3.html
x_refsource_CONFIRM
x_transferred
http://rhn.redhat.com/errata/RHSA-2012-0677.html
vendor-advisory
x_refsource_REDHAT
x_transferred
http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html
vendor-advisory
x_refsource_SUSE
x_transferred
Hyperlink: http://www.postgresql.org/about/news/1377/
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:027
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://secunia.com/advisories/49273
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0678.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:026
Resource:
vendor-advisory
x_refsource_MANDRIVA
x_transferred
Hyperlink: http://www.postgresql.org/docs/9.0/static/release-9-0-7.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.postgresql.org/docs/8.4/static/release-8-4-11.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://www.debian.org/security/2012/dsa-2418
Resource:
vendor-advisory
x_refsource_DEBIAN
x_transferred
Hyperlink: http://www.postgresql.org/docs/8.3/static/release-8-3-18.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://secunia.com/advisories/49272
Resource:
third-party-advisory
x_refsource_SECUNIA
x_transferred
Hyperlink: http://www.postgresql.org/docs/9.1/static/release-9-1-3.html
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0677.html
Resource:
vendor-advisory
x_refsource_REDHAT
x_transferred
Hyperlink: http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html
Resource:
vendor-advisory
x_refsource_SUSE
x_transferred
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:secalert@redhat.com
Published At:18 Jul, 2012 | 23:55
Updated At:11 Apr, 2025 | 00:51

CRLF injection vulnerability in pg_dump in PostgreSQL 8.3.x before 8.3.18, 8.4.x before 8.4.11, 9.0.x before 9.0.7, and 9.1.x before 9.1.3 allows user-assisted remote attackers to execute arbitrary SQL commands via a crafted file containing object names with newlines, which are inserted into an SQL script that is used when the database is restored.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary2.06.8MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Type: Primary
Version: 2.0
Base score: 6.8
Base severity: MEDIUM
Vector:
AV:N/AC:M/Au:N/C:P/I:P/A:P
CPE Matches
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3
cpe:2.3:a:postgresql:postgresql:8.3:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.1
cpe:2.3:a:postgresql:postgresql:8.3.1:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.2
cpe:2.3:a:postgresql:postgresql:8.3.2:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.3
cpe:2.3:a:postgresql:postgresql:8.3.3:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.4
cpe:2.3:a:postgresql:postgresql:8.3.4:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.5
cpe:2.3:a:postgresql:postgresql:8.3.5:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.6
cpe:2.3:a:postgresql:postgresql:8.3.6:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.7
cpe:2.3:a:postgresql:postgresql:8.3.7:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.8
cpe:2.3:a:postgresql:postgresql:8.3.8:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.9
cpe:2.3:a:postgresql:postgresql:8.3.9:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.10
cpe:2.3:a:postgresql:postgresql:8.3.10:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.11
cpe:2.3:a:postgresql:postgresql:8.3.11:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.12
cpe:2.3:a:postgresql:postgresql:8.3.12:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.13
cpe:2.3:a:postgresql:postgresql:8.3.13:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.14
cpe:2.3:a:postgresql:postgresql:8.3.14:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.15
cpe:2.3:a:postgresql:postgresql:8.3.15:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.16
cpe:2.3:a:postgresql:postgresql:8.3.16:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.3.17
cpe:2.3:a:postgresql:postgresql:8.3.17:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4
cpe:2.3:a:postgresql:postgresql:8.4:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.1
cpe:2.3:a:postgresql:postgresql:8.4.1:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.2
cpe:2.3:a:postgresql:postgresql:8.4.2:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.3
cpe:2.3:a:postgresql:postgresql:8.4.3:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.4
cpe:2.3:a:postgresql:postgresql:8.4.4:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.5
cpe:2.3:a:postgresql:postgresql:8.4.5:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.6
cpe:2.3:a:postgresql:postgresql:8.4.6:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.7
cpe:2.3:a:postgresql:postgresql:8.4.7:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.8
cpe:2.3:a:postgresql:postgresql:8.4.8:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.9
cpe:2.3:a:postgresql:postgresql:8.4.9:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>8.4.10
cpe:2.3:a:postgresql:postgresql:8.4.10:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.0
cpe:2.3:a:postgresql:postgresql:9.0:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.0.1
cpe:2.3:a:postgresql:postgresql:9.0.1:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.0.2
cpe:2.3:a:postgresql:postgresql:9.0.2:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.0.3
cpe:2.3:a:postgresql:postgresql:9.0.3:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.0.4
cpe:2.3:a:postgresql:postgresql:9.0.4:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.0.5
cpe:2.3:a:postgresql:postgresql:9.0.5:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.0.6
cpe:2.3:a:postgresql:postgresql:9.0.6:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.1
cpe:2.3:a:postgresql:postgresql:9.1:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.1.1
cpe:2.3:a:postgresql:postgresql:9.1.1:*:*:*:*:*:*:*
The PostgreSQL Global Development Group
postgresql
>>postgresql>>9.1.2
cpe:2.3:a:postgresql:postgresql:9.1.2:*:*:*:*:*:*:*
Weaknesses
CWE IDTypeSource
CWE-89Primarynvd@nist.gov
CWE ID: CWE-89
Type: Primary
Source: nvd@nist.gov
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705secalert@redhat.com
N/A
http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-0677.htmlsecalert@redhat.com
N/A
http://rhn.redhat.com/errata/RHSA-2012-0678.htmlsecalert@redhat.com
N/A
http://secunia.com/advisories/49272secalert@redhat.com
N/A
http://secunia.com/advisories/49273secalert@redhat.com
N/A
http://www.debian.org/security/2012/dsa-2418secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2012:026secalert@redhat.com
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2012:027secalert@redhat.com
N/A
http://www.postgresql.org/about/news/1377/secalert@redhat.com
Vendor Advisory
http://www.postgresql.org/docs/8.3/static/release-8-3-18.htmlsecalert@redhat.com
N/A
http://www.postgresql.org/docs/8.4/static/release-8-4-11.htmlsecalert@redhat.com
N/A
http://www.postgresql.org/docs/9.0/static/release-9-0-7.htmlsecalert@redhat.com
N/A
http://www.postgresql.org/docs/9.1/static/release-9-1-3.htmlsecalert@redhat.com
N/A
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705af854a3a-2127-422b-91ae-364da2661108
N/A
http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-0677.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://rhn.redhat.com/errata/RHSA-2012-0678.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/49272af854a3a-2127-422b-91ae-364da2661108
N/A
http://secunia.com/advisories/49273af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.debian.org/security/2012/dsa-2418af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2012:026af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.mandriva.com/security/advisories?name=MDVSA-2012:027af854a3a-2127-422b-91ae-364da2661108
N/A
http://www.postgresql.org/about/news/1377/af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
http://www.postgresql.org/docs/8.3/static/release-8-3-18.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.postgresql.org/docs/8.4/static/release-8-4-11.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.postgresql.org/docs/9.0/static/release-9-0-7.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
http://www.postgresql.org/docs/9.1/static/release-9-1-3.htmlaf854a3a-2127-422b-91ae-364da2661108
N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0677.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0678.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/49272
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://secunia.com/advisories/49273
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.debian.org/security/2012/dsa-2418
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:026
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:027
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.postgresql.org/about/news/1377/
Source: secalert@redhat.com
Resource:
Vendor Advisory
Hyperlink: http://www.postgresql.org/docs/8.3/static/release-8-3-18.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.postgresql.org/docs/8.4/static/release-8-4-11.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.postgresql.org/docs/9.0/static/release-9-0-7.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://www.postgresql.org/docs/9.1/static/release-9-1-3.html
Source: secalert@redhat.com
Resource: N/A
Hyperlink: http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10705
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://lists.opensuse.org/opensuse-updates/2012-09/msg00060.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0677.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://rhn.redhat.com/errata/RHSA-2012-0678.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/49272
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://secunia.com/advisories/49273
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.debian.org/security/2012/dsa-2418
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:026
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.mandriva.com/security/advisories?name=MDVSA-2012:027
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.postgresql.org/about/news/1377/
Source: af854a3a-2127-422b-91ae-364da2661108
Resource:
Vendor Advisory
Hyperlink: http://www.postgresql.org/docs/8.3/static/release-8-3-18.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.postgresql.org/docs/8.4/static/release-8-4-11.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.postgresql.org/docs/9.0/static/release-9-0-7.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A
Hyperlink: http://www.postgresql.org/docs/9.1/static/release-9-1-3.html
Source: af854a3a-2127-422b-91ae-364da2661108
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

377Records found
CVE-2009-2553
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 29.55%
||
7 Day CHG~0.00%
Published-20 Jul, 2009 | 19:25
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in comments.php in Super Simple Blog Script 2.5.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the entry parameter.

Action-Not Available
Vendor-supersimplen/a
Product-super_simple_blog_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-2605
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.38% / 58.65%
||
7 Day CHG~0.00%
Published-27 Jul, 2009 | 14:22
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in adminquery.php in Traidnt Up 2.0 allow remote attackers to execute arbitrary SQL commands via (1) trupuser and (2) truppassword cookies to uploadcp/index.php.

Action-Not Available
Vendor-traidntn/a
Product-traidnt_upn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-2554
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.40% / 60.21%
||
7 Day CHG~0.00%
Published-20 Jul, 2009 | 19:25
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the search method in jobline.class.php in Jobline (com_jobline) 1.1.2.2, 1.3.1, and possibly earlier versions, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the search parameter in a results action to index.php, which invokes the search method from the searchJobPostings function in jobline.php.

Action-Not Available
Vendor-olle_johanssonn/aJoomla!
Product-joomlajoblinen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-2018
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.17% / 38.56%
||
7 Day CHG-0.25%
Published-09 Jun, 2009 | 19:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in admin/index.php in Jared Eckersley MyCars, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the authuserid parameter.

Action-Not Available
Vendor-jaredeckersleyn/a
Product-mycarsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-1778
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.02% / 76.28%
||
7 Day CHG~0.00%
Published-22 May, 2009 | 20:00
Updated-07 Aug, 2024 | 05:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in the new user registration feature in BigACE CMS 2.5, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

Action-Not Available
Vendor-bigacen/a
Product-bigace_cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-2389
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.10% / 28.76%
||
7 Day CHG~0.00%
Published-09 Jul, 2009 | 16:00
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NEWSolved 1.1.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) jahr or (2) idneu parameter in an archive action, or (3) the newsid parameter.

Action-Not Available
Vendor-usolvedn/a
Product-newsolvedn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6304
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.48% / 64.29%
||
7 Day CHG~0.00%
Published-26 Feb, 2009 | 23:00
Updated-07 Aug, 2024 | 11:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in xt:Commerce before 3.0.4 Sp2.1, when magic_quotes_gpc is enabled and the SEO URLs are activated, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.

Action-Not Available
Vendor-xt-commercen/a
Product-xt-commercen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-1741
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.41% / 60.56%
||
7 Day CHG~0.00%
Published-20 May, 2009 | 19:00
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in login.php in DM FileManager 3.9.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) Username and (2) Password fields.

Action-Not Available
Vendor-dutchmonkeyn/a
Product-dm_filemanagern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-1613
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.17% / 38.07%
||
7 Day CHG~0.00%
Published-11 May, 2009 | 20:00
Updated-07 Aug, 2024 | 05:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in leap.php in Leap CMS 0.1.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) searchterm or (2) email parameter.

Action-Not Available
Vendor-gowondesignsn/a
Product-leapn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-2023
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 36.02%
||
7 Day CHG-0.22%
Published-09 Jun, 2009 | 19:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in Shop-Script Pro 2.12, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the current_currency parameter.

Action-Not Available
Vendor-shop-scriptn/a
Product-shop-scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-2608
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.40% / 60.21%
||
7 Day CHG~0.00%
Published-27 Jul, 2009 | 18:00
Updated-07 Aug, 2024 | 05:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in PHP Address Book 4.0.x allow remote attackers to execute arbitrary SQL commands via the (1) id parameter to delete.php or (2) alphabet parameter to index.php. NOTE: the edit.php and view.php vectors are already covered by CVE-2008-2565.

Action-Not Available
Vendor-chatelaon/a
Product-php_address_bookn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-2545
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.39% / 58.97%
||
7 Day CHG~0.00%
Published-20 Jul, 2009 | 19:25
Updated-07 Aug, 2024 | 05:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the filename in an uploaded attachment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-anelectronn/a
Product-advanced_electron_forumn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-2337
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.22% / 44.96%
||
7 Day CHG~0.00%
Published-07 Jul, 2009 | 18:35
Updated-07 Aug, 2024 | 05:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in includes/module/book/index.inc.php in w3b|cms Gaestebuch Guestbook Module 3.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the spam_id parameter.

Action-Not Available
Vendor-w3bcmsn/a
Product-gaestebuch_guestbook_modulew3bcmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-1952
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 33.27%
||
7 Day CHG-0.20%
Published-05 Jun, 2009 | 21:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the administrative login feature in PropertyMax Pro FREE 0.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.

Action-Not Available
Vendor-propertymaxpron/a
Product-propertymax_pro_freen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6573
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.72% / 71.64%
||
7 Day CHG~0.00%
Published-01 Apr, 2009 | 22:00
Updated-07 Aug, 2024 | 11:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Avaya SIP Enablement Services (SES) in Avaya Avaya Communication Manager 3.x, 4.0, and 5.0 (1) allow remote attackers to execute arbitrary SQL commands via unspecified vectors related to profiles in the SIP Personal Information Manager (SPIM) in the web interface; and allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to (2) permissions for SPIM profiles in the web interface and (3) a crafted SIP request to the SIP server.

Action-Not Available
Vendor-n/aAvaya LLC
Product-communication_managern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-1799
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.14% / 35.34%
||
7 Day CHG~0.00%
Published-28 May, 2009 | 14:00
Updated-07 Aug, 2024 | 05:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the getGalleryImage function in st_admin/gallery_output.php in ST-Gallery 0.1 alpha, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) gallery_category or (2) gallery_show parameter to example.php.

Action-Not Available
Vendor-sebastian-thielen/a
Product-st-galleryn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-2242
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.81% / 73.24%
||
7 Day CHG~0.00%
Published-27 Jun, 2009 | 18:00
Updated-07 Aug, 2024 | 05:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in active_appointments.asp in ASP Inline Corporate Calendar allows remote attackers to execute arbitrary SQL commands via the order parameter.

Action-Not Available
Vendor-aaronoutpostn/a
Product-asp_inline_corporate_calendarn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-2388
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.33% / 54.92%
||
7 Day CHG~0.00%
Published-09 Jul, 2009 | 16:00
Updated-16 Sep, 2024 | 16:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in admin/index.php in Opial 1.0 allows remote attackers to execute arbitrary SQL commands via the txtPassword parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-shalwann/a
Product-opialn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-2008
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.43% / 61.61%
||
7 Day CHG~0.00%
Published-08 Jun, 2009 | 19:00
Updated-07 Aug, 2024 | 05:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Dokeos 1.8.5, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) uInfo parameter to main/tracking/userLog.php and the (2) course parameter to main/mySpace/lp_tracking.php, a different vector than CVE-2009-2006.2.

Action-Not Available
Vendor-dokeosn/a
Product-dokeosn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-2164
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.35% / 56.98%
||
7 Day CHG~0.00%
Published-22 Jun, 2009 | 20:00
Updated-07 Aug, 2024 | 05:44
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php.

Action-Not Available
Vendor-kjtechforcen/a
Product-mailmann/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-0730
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.32% / 54.73%
||
7 Day CHG~0.00%
Published-24 Feb, 2009 | 23:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726.

Action-Not Available
Vendor-gigcalendarn/aJoomla!MamboServer
Product-com_gigcalendarjoomlamambon/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-1317
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 36.02%
||
7 Day CHG~0.00%
Published-17 Apr, 2009 | 10:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) userSID cookie parameter to droplets/functions/base.php and the (2) username parameter to admin/index.php.

Action-Not Available
Vendor-aquacmsn/a
Product-aqua_cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-1347
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.17% / 38.07%
||
7 Day CHG~0.00%
Published-20 Apr, 2009 | 14:06
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in stats/index.php in chCounter 3.1.3 allow remote attackers to execute arbitrary SQL commands via (1) the login_name parameter (aka the username field) or (2) the login_pw parameter (aka the password field).

Action-Not Available
Vendor-chcountern/a
Product-chcountern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-0543
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.83% / 82.16%
||
7 Day CHG~0.00%
Published-12 Feb, 2009 | 16:00
Updated-07 Aug, 2024 | 04:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

ProFTPD Server 1.3.1, with NLS support enabled, allows remote attackers to bypass SQL injection protection mechanisms via invalid, encoded multibyte characters, which are not properly handled in (1) mod_sql_mysql and (2) mod_sql_postgres.

Action-Not Available
Vendor-proftpdn/a
Product-proftpdn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-1362
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 36.17%
||
7 Day CHG~0.00%
Published-22 Apr, 2009 | 18:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in administration/index.php in chCounter 3.1.3 allows remote attackers to execute arbitrary SQL commands via the login_name parameter. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-chcountern/a
Product-chcountern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-0851
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.22% / 44.34%
||
7 Day CHG~0.00%
Published-09 Mar, 2009 | 17:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in CelerBB 0.0.2, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) viewforum.php and (2) viewtopic.php.

Action-Not Available
Vendor-stewart_howen/a
Product-celerbbn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-1259
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.84%
||
7 Day CHG~0.00%
Published-07 Apr, 2009 | 23:00
Updated-07 Aug, 2024 | 05:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in inc/bb/topic.php in Insane Visions AdaptBB 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the topic_id parameter in a topic action to index.php.

Action-Not Available
Vendor-insanevisionsn/a
Product-adaptbbn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-1500
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.84%
||
7 Day CHG~0.00%
Published-01 May, 2009 | 17:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in ProjectCMS 1.0 Beta allows remote attackers to execute arbitrary SQL commands via the sn parameter.

Action-Not Available
Vendor-projectcmsn/a
Product-projectcmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-1506
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 30.21%
||
7 Day CHG~0.00%
Published-01 May, 2009 | 17:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in classes/Xp.php in eLitius 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to banner-details.php.

Action-Not Available
Vendor-intelliantsn/a
Product-elitiusn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-0597
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.18% / 39.96%
||
7 Day CHG~0.00%
Published-16 Feb, 2009 | 17:00
Updated-07 Aug, 2024 | 04:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action.

Action-Not Available
Vendor-w3b_cmsn/a
Product-aka_w3blabor_cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-1453
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.17% / 38.56%
||
7 Day CHG~0.00%
Published-28 Apr, 2009 | 16:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in class.eport.php in Tiny Blogr 1.0.0 rc4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the txtUsername parameter (aka the Username field). NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-anoochit_chalothornn/a
Product-tiny_blogrn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-0705
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.20% / 42.46%
||
7 Day CHG~0.00%
Published-23 Feb, 2009 | 15:00
Updated-07 Aug, 2024 | 04:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in news.php in PowerScripts PowerNews 2.5.4, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the newsid parameter.

Action-Not Available
Vendor-powerscriptsn/a
Product-powernewsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-1404
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.17% / 38.56%
||
7 Day CHG~0.00%
Published-24 Apr, 2009 | 14:00
Updated-07 Aug, 2024 | 05:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in admin.php in PastelCMS 0.8.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user (Username) parameter.

Action-Not Available
Vendor-pasteln/a
Product-pastelcmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-0452
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 36.37%
||
7 Day CHG~0.00%
Published-05 Feb, 2009 | 20:00
Updated-07 Aug, 2024 | 04:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in parents/login.php in Online Grades 3.2.4, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) uname or (2) pass parameter.

Action-Not Available
Vendor-onlinegradesn/a
Product-online_gradesn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-0400
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.43% / 61.81%
||
7 Day CHG~0.00%
Published-03 Feb, 2009 | 19:00
Updated-07 Aug, 2024 | 04:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in blog.php in SocialEngine 3.06 trial allows remote attackers to execute arbitrary SQL commands via the category_id parameter.

Action-Not Available
Vendor-socialenginen/a
Product-socialenginen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-0409
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.34% / 56.35%
||
7 Day CHG~0.00%
Published-03 Feb, 2009 | 19:00
Updated-07 Aug, 2024 | 04:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in offline_auth.php in Max.Blog 1.0.6 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username parameter.

Action-Not Available
Vendor-mzbservicesn/a
Product-max.blogn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-0295
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.17% / 38.56%
||
7 Day CHG~0.00%
Published-27 Jan, 2009 | 20:00
Updated-07 Aug, 2024 | 04:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in Information Technology Light Poll Information (ITLPoll) 2.7 Stable 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-itlpolln/a
Product-itpolln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2009-0384
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 30.21%
||
7 Day CHG~0.00%
Published-02 Feb, 2009 | 19:00
Updated-07 Aug, 2024 | 04:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in autor.php in OwnRS CMS 1.2 allows remote attackers to execute arbitrary SQL commands via the id parameter.

Action-Not Available
Vendor-adam_tomecekn/a
Product-ownrsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-7114
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.32% / 54.30%
||
7 Day CHG~0.00%
Published-28 Aug, 2009 | 15:00
Updated-07 Aug, 2024 | 11:56
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in members_search.php in iFusion Services iFdate 2.0.3 and earlier allows remote attackers to execute arbitrary SQL commands via the name field.

Action-Not Available
Vendor-ifusionservicesn/a
Product-ifdaten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6226
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.20% / 42.46%
||
7 Day CHG~0.00%
Published-20 Feb, 2009 | 23:00
Updated-07 Aug, 2024 | 11:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in moreinfo.php in Pre Projects PHP Auto Listings Script, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the itemno parameter.

Action-Not Available
Vendor-preprojectn/a
Product-php_auto_listings_scriptn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-5954
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.92%
||
7 Day CHG~0.00%
Published-23 Jan, 2009 | 18:38
Updated-07 Aug, 2024 | 11:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in KTP Computer Customer Database (KTPCCD) CMS, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the lname parameter in a login action to an unspecified component. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Action-Not Available
Vendor-ktp_computer_customer_databasen/a
Product-ktp_computer_customer_databasen/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6100
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.84%
||
7 Day CHG~0.00%
Published-10 Feb, 2009 | 18:00
Updated-07 Aug, 2024 | 11:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to (a) RSS1.php and (b) RSS2.php in misc/; and the (2) SubID parameter to (c) misc/RSS5.php.

Action-Not Available
Vendor-berliosn/a
Product-discussion_forum_2kn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-5940
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.66% / 70.22%
||
7 Day CHG~0.00%
Published-22 Jan, 2009 | 11:00
Updated-07 Aug, 2024 | 11:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in MODx 0.9.6.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the searchid parameter. NOTE: some of these details are obtained from third party information.

Action-Not Available
Vendor-modxcmsn/a
Product-modxcmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-5877
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.18% / 40.33%
||
7 Day CHG~0.00%
Published-08 Jan, 2009 | 19:00
Updated-07 Aug, 2024 | 11:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in Phpclanwebsite (aka PCW) 1.23.3 Fix Pack 5 and earlier, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php, (2) form_id parameter to pcw/processforms.php, (3) pcwlogin and (4) pcw_pass parameters to pcw/setlogin.php, (5) searchvalue parameter to pcw/downloads.php, and the (6) searchvalue and (7) whichfield parameter to pcw/downloads.php, a different vector than CVE-2006-0444.

Action-Not Available
Vendor-phpclanwebsiten/a
Product-phpclanwebsiten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6093
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.13% / 32.84%
||
7 Day CHG~0.00%
Published-09 Feb, 2009 | 17:00
Updated-07 Aug, 2024 | 11:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in Noname CMS 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the (1) file_id parameter in a detailansicht action and the (2) kategorie parameter in a kategorien action.

Action-Not Available
Vendor-noname-cmsn/a
Product-noname_cmsn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6730
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 36.37%
||
7 Day CHG~0.00%
Published-20 Apr, 2009 | 14:06
Updated-07 Aug, 2024 | 11:42
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPLink Pro 0.0.6 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.

Action-Not Available
Vendor-china-on-siten/a
Product-flexphplinkn/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6241
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.15% / 36.02%
||
7 Day CHG~0.00%
Published-23 Feb, 2009 | 15:00
Updated-07 Aug, 2024 | 11:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Multiple SQL injection vulnerabilities in admin/usercheck.php in FlexPHPSite 0.0.1 and 0.0.7, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the checkuser parameter (aka username field), or (2) the checkpass parameter (aka password field), to admin/index.php.

Action-Not Available
Vendor-china-on-siten/a
Product-flexphpsiten/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6427
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-1.06% / 76.72%
||
7 Day CHG~0.00%
Published-06 Mar, 2009 | 18:00
Updated-07 Aug, 2024 | 11:27
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in index.php in Hivemaker Professional 1.0.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cid parameter.

Action-Not Available
Vendor-hivemakern/a
Product-hivemakern/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6029
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.11% / 30.21%
||
7 Day CHG~0.00%
Published-03 Feb, 2009 | 11:00
Updated-07 Aug, 2024 | 11:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in search.php in BuzzyWall 1.3.1 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the search parameter.

Action-Not Available
Vendor-buzzywalln/a
Product-buzzywalln/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
CVE-2008-6069
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.8||MEDIUM
EPSS-0.39% / 58.97%
||
7 Day CHG~0.00%
Published-06 Feb, 2009 | 01:00
Updated-07 Aug, 2024 | 11:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SQL injection vulnerability in e107chat.php in the eChat plugin 4.2 for e107, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the nick parameter.

Action-Not Available
Vendor-e107123flashchatn/a
Product-echat_plugine107n/a
CWE ID-CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
  • Previous
  • 1
  • 2
  • 3
  • 4
  • ...
  • 7
  • 8
  • Next
Details not found