Vulnerability Description
SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gplhost | Domain Technologie Control | <= 0.29.8 |
Related Weaknesses (CWE)
References
- http://freshmeat.net/projects/dtc/?branch_id=22759&release_id=292973
- http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=056e1d1849ff3aa183a4
- http://osvdb.org/51631
- http://secunia.com/advisories/33698 (Vendor Advisory)
- http://www.securityfocus.com/bid/33496
- https://exchange.xforce.ibmcloud.com/vulnerabilities/48292
FAQ
What is CVE-2009-0402?
CVE-2009-0402 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christnam...
How severe is CVE-2009-0402?
CVE-2009-0402 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-0402?
Check the references section above for vendor advisories and patch information. Affected products include: Gplhost Domain Technologie Control.