CVE-2009-0402

Published Feb 3, 2009

Last updated a year ago

CVSS info 7.5

Overview

Description: SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:gplhost:domain_technologie_control:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DFB07760-4780-40D5-94F8-A7E323AC05B0",
            "versionEndIncluding": "0.29.8"
          },
          {
            "criteria": "cpe:2.3:a:gplhost:domain_technologie_control:0.26.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "48453D15-9383-453A-80DE-CBA330DF43EC"
          },
          {
            "criteria": "cpe:2.3:a:gplhost:domain_technologie_control:0.26.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6ECDD453-4477-4567-85EC-9FBB777577C9"
          },
          {
            "criteria": "cpe:2.3:a:gplhost:domain_technologie_control:0.26.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F470F49-27DE-49D8-95B6-0BF562A5AFC2"
          },
          {
            "criteria": "cpe:2.3:a:gplhost:domain_technologie_control:0.27.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9623CC23-64B9-408E-9BFD-E5A6A2498D16"
          },
          {
            "criteria": "cpe:2.3:a:gplhost:domain_technologie_control:0.28.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E9E38991-255F-4590-9D1B-EDC9965D4745"
          },
          {
            "criteria": "cpe:2.3:a:gplhost:domain_technologie_control:0.28.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "25BAB9EE-D86A-4AC7-85D0-711B755F63DC"
          },
          {
            "criteria": "cpe:2.3:a:gplhost:domain_technologie_control:0.28.10:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3722E5B8-F002-4E81-A7A1-370D53EBFDC8"
          },
          {
            "criteria": "cpe:2.3:a:gplhost:domain_technologie_control:0.29.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F2A5B9D8-5268-4C34-943E-AEA918855EDF"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References