1. Home
  2. CVE Database
  3. CVE-2009-3514
MEDIUM · 6.5

CVE-2009-3514

Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to e...

Vulnerability Description

Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to execute arbitrary SQL commands via the (2) edit_id and (3) _p parameter in a news action to dnet_admin/index.php.

CVSS Score

6.5

MEDIUM

AV:N/AC:L/Au:S/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
Marcin ManekD.Net CmsAll versions

Related Weaknesses (CWE)

CWE-89

References

FAQ

What is CVE-2009-3514?

CVE-2009-3514 is a vulnerability with a CVSS score of 6.5 (MEDIUM). Multiple SQL injection vulnerabilities in d.net CMS allow remote attackers to execute arbitrary SQL commands via (1) the page parameter to index.php; and allow remote authenticated administrators to e...

How severe is CVE-2009-3514?

CVE-2009-3514 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3514?

Check the references section above for vendor advisories and patch information. Affected products include: Marcin Manek D.Net Cms.