Vulnerability Description
Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php.
CVSS Score
7.5
HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Fretsweb Project | Fretsweb | 1.2 |
Related Weaknesses (CWE)
References
- http://osvdb.org/55167Broken Link
- http://osvdb.org/55168Broken Link
- http://secunia.com/advisories/35492Vendor Advisory
- http://sourceforge.net/forum/forum.php?forum_id=966939Patch
- https://www.exploit-db.com/exploits/8980Third Party AdvisoryVDB Entry
- http://osvdb.org/55167Broken Link
- http://osvdb.org/55168Broken Link
- http://secunia.com/advisories/35492Vendor Advisory
- http://sourceforge.net/forum/forum.php?forum_id=966939Patch
- https://www.exploit-db.com/exploits/8980Third Party AdvisoryVDB Entry
FAQ
What is CVE-2009-2113?
CVE-2009-2113 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php.
How severe is CVE-2009-2113?
CVE-2009-2113 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2113?
Check the references section above for vendor advisories and patch information. Affected products include: Fretsweb Project Fretsweb.