Vulnerability Description
Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspassword parameter (Password field).
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mocdesigns | Php News | 1.1 |
Related Weaknesses (CWE)
References
- http://www.exploit-db.com/exploits/9353
- http://www.vupen.com/english/advisories/2009/2161Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52231
- http://www.exploit-db.com/exploits/9353
- http://www.vupen.com/english/advisories/2009/2161Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52231
FAQ
What is CVE-2009-2921?
CVE-2009-2921 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple SQL injection vulnerabilities in login.php in MOC Designs PHP News 1.1 allow remote attackers to execute arbitrary SQL commands via the (1) newsuser parameter (User field) and (2) newspasswor...
How severe is CVE-2009-2921?
CVE-2009-2921 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-2921?
Check the references section above for vendor advisories and patch information. Affected products include: Mocdesigns Php News.