CVE-2009-1208

Published Apr 1, 2009

Last updated 8 years ago

CVSS info 7.5

Overview

Description: SQL injection vulnerability in auth2db 0.2.5, and possibly other versions before 0.2.7, uses the addslashes function instead of the mysql_real_escape_string function, which allows remote attackers to conduct SQL injection attacks using multibyte character encodings.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:auth2db:auth2db:0.1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7ADBE959-5BD2-4F1C-B661-B7CFFFB7AA52"
          },
          {
            "criteria": "cpe:2.3:a:auth2db:auth2db:0.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D75A90F6-62CF-41C3-A8ED-D9B1F2B0E8DA"
          },
          {
            "criteria": "cpe:2.3:a:auth2db:auth2db:0.1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C892EC6A-A4BB-4985-AD36-1B3109649130"
          },
          {
            "criteria": "cpe:2.3:a:auth2db:auth2db:0.1.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0F874A8E-890E-43E3-A2B1-6405541D9960"
          },
          {
            "criteria": "cpe:2.3:a:auth2db:auth2db:0.1.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "44B108BC-10AE-486A-A609-2E96DB094557"
          },
          {
            "criteria": "cpe:2.3:a:auth2db:auth2db:0.1.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "96EE7BE6-882D-4B2A-AB7B-4C3C9F79A836"
          },
          {
            "criteria": "cpe:2.3:a:auth2db:auth2db:0.1.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F8B5F172-9E20-49E8-A337-85C46F85CBDB"
          },
          {
            "criteria": "cpe:2.3:a:auth2db:auth2db:0.1.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "576B8177-220D-4D9B-A7B9-F6972751D0D7"
          },
          {
            "criteria": "cpe:2.3:a:auth2db:auth2db:0.1.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "743F3844-D07B-4031-BC79-9723FB1EE7C2"
          },
          {
            "criteria": "cpe:2.3:a:auth2db:auth2db:0.2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9364AFFB-1718-4C7B-A2F0-826883E53D54"
          },
          {
            "criteria": "cpe:2.3:a:auth2db:auth2db:0.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "67ACADB2-A81D-4617-9039-6DD7C5DC4B41"
          },
          {
            "criteria": "cpe:2.3:a:auth2db:auth2db:0.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06E6DEC0-36A5-4A4B-BD55-11538713EA87"
          },
          {
            "criteria": "cpe:2.3:a:auth2db:auth2db:0.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EFCB393B-EFAD-4C01-B43B-738E73B5842F"
          },
          {
            "criteria": "cpe:2.3:a:auth2db:auth2db:0.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "85462ABB-BCBB-4528-962A-FB4CF44D961A"
          },
          {
            "criteria": "cpe:2.3:a:auth2db:auth2db:0.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "70D14ACC-ECEE-4CB7-B7E8-D4565DD46D38"
          },
          {
            "criteria": "cpe:2.3:a:auth2db:auth2db:0.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A1842BC-FF1E-4AEC-8B48-B15FF888CAFA"
          },
          {
            "criteria": "cpe:2.3:a:auth2dbauth2db:0.1.1:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50EB40E3-1A47-4A0E-BF48-E33D0D64F49B"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References