CVE-2009-3118 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2009-3118?

CVE-2009-3118 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-3118?

Check the references section above for vendor advisories and patch information. Affected products include: Danneo Cms.

Vulnerability Description

SQL injection vulnerability in mod/poll/comment.php in the vote module in Danneo CMS 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the comtext parameter, in conjunction with crafted comname and comtitle parameters, in a poll action to index.php, related to incorrect input sanitization in base/danneo.function.php.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Danneo	Cms	<= 0.5.2

Related Weaknesses (CWE)

CWE-89

References

http://packetstormsecurity.org/0908-exploits/danneo052-sql.txtExploit
http://secunia.com/advisories/36440Vendor Advisory
http://www.vupen.com/english/advisories/2009/2459Vendor Advisory
http://packetstormsecurity.org/0908-exploits/danneo052-sql.txtExploit
http://secunia.com/advisories/36440Vendor Advisory
http://www.vupen.com/english/advisories/2009/2459Vendor Advisory

FAQ

What is CVE-2009-3118?

CVE-2009-3118 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in mod/poll/comment.php in the vote module in Danneo CMS 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the comtext parameter, in conjuncti...

How severe is CVE-2009-3118?

CVE-2009-3118 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3118?

Check the references section above for vendor advisories and patch information. Affected products include: Danneo Cms.