CVE-2009-2290

Published Jul 1, 2009

Last updated 6 years ago

CVSS info 7.5

Overview

Description: SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 7.5
Impact score: 6.4
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-89

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:joomla:joomla\\!:*:*:*:*:*:*:*:*",
            "vulnerable": false,
            "matchCriteriaId": "2AC7400C-F6AF-4B5E-A34B-0222F94DCC46"
          }
        ],
        "operator": "OR"
      },
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:kim_eckert:com_bsadv:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D58FD58E-C8D6-4B86-BABF-C2CE19269BB7",
            "versionEndIncluding": "0.3"
          },
          {
            "criteria": "cpe:2.3:a:kim_eckert:com_bsadv:0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1723059B-4727-4CF3-803F-D467ADDF7BBD"
          },
          {
            "criteria": "cpe:2.3:a:kim_eckert:com_bsadv:0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1A06E8E4-7EB4-4433-92F3-30169E5EB320"
          },
          {
            "criteria": "cpe:2.3:a:kim_eckert:com_bsadv:0.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "69F11D78-6657-4D27-A192-6CA30EC0CE6D"
          }
        ],
        "operator": "OR"
      }
    ],
    "operator": "AND"
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References