CVE-2009-3961 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2009-3961?

CVE-2009-3961 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2009-3961?

Check the references section above for vendor advisories and patch information. Affected products include: Jos De Ruijter Superseriousstats.

Vulnerability Description

SQL injection vulnerability in user.php in Super Serious Stats (aka superseriousstats) before 1.1.2p1 allows remote attackers to execute arbitrary SQL commands via the uid parameter, related to an "incorrect regexp." NOTE: some of these details are obtained from third party information.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P

Confidentiality

PARTIAL

Integrity

PARTIAL

Availability

PARTIAL

Affected Products

Vendor	Product	Versions
Jos De Ruijter	Superseriousstats	<= 1.1.2

Related Weaknesses (CWE)

CWE-89

References

http://code.google.com/p/superseriousstats/Patch
http://secunia.com/advisories/37316
http://www.vupen.com/english/advisories/2009/3175Vendor Advisory
http://code.google.com/p/superseriousstats/Patch
http://secunia.com/advisories/37316
http://www.vupen.com/english/advisories/2009/3175Vendor Advisory

FAQ

What is CVE-2009-3961?

CVE-2009-3961 is a vulnerability with a CVSS score of 7.5 (HIGH). SQL injection vulnerability in user.php in Super Serious Stats (aka superseriousstats) before 1.1.2p1 allows remote attackers to execute arbitrary SQL commands via the uid parameter, related to an "in...

How severe is CVE-2009-3961?

CVE-2009-3961 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2009-3961?

Check the references section above for vendor advisories and patch information. Affected products include: Jos De Ruijter Superseriousstats.