CVE-2009-2579
Published Aug 5, 2009
Last updated 6 years ago
Overview
- Description
- SQL injection vulnerability in reward_points.post.php in the Reward points addon in CS-Cart before 2.0.6 allows remote authenticated users to execute arbitrary SQL commands via the sort_order parameter in a reward_points.userlog action to index.php, a different vulnerability than CVE-2005-4429.2.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 6.5
- Impact score
- 6.4
- Exploitability score
- 8
- Vector string
- AV:N/AC:L/Au:S/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-89
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:cs-cart:cs-cart:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "772E5AD9-A801-48B7-94AD-D2C0007775A9",
"versionEndIncluding": "2.0.5"
},
{
"criteria": "cpe:2.3:a:cs-cart:cs-cart:1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A21449C4-0D1F-4642-9193-19E178C0A2CB"
},
{
"criteria": "cpe:2.3:a:cs-cart:cs-cart:1.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0FFBA9BB-10CA-4EA4-A164-7B4AEB60BCA1"
},
{
"criteria": "cpe:2.3:a:cs-cart:cs-cart:1.3.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "4EA28C65-C87E-47B9-AEB2-A2007851A2DE"
},
{
"criteria": "cpe:2.3:a:cs-cart:cs-cart:1.3.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2560C3BF-C7DC-4645-B278-F86658660ADE"
},
{
"criteria": "cpe:2.3:a:cs-cart:cs-cart:1.3.2:sp2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F6184F41-3EF2-4DDA-A22E-24CF5EA7F008"
},
{
"criteria": "cpe:2.3:a:cs-cart:cs-cart:1.3.2:sp2:trial_edition:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "9979A5D8-91BE-4956-A408-DECEADE7D16E"
},
{
"criteria": "cpe:2.3:a:cs-cart:cs-cart:1.3.3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "48662D7D-F946-45A4-AC02-0A25168154E6"
},
{
"criteria": "cpe:2.3:a:cs-cart:cs-cart:1.3.5:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "7CFECABA-FEB5-407D-9324-9722E0545B0E"
},
{
"criteria": "cpe:2.3:a:cs-cart:cs-cart:1.3.5:sp4:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8F660773-EA54-4596-A22E-951D66C927B0"
},
{
"criteria": "cpe:2.3:a:cs-cart:cs-cart:1.3.5sp2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "5C4FF089-8732-44B9-8E6C-A78843650899"
},
{
"criteria": "cpe:2.3:a:cs-cart:cs-cart:1.3.5sp3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "F36E061E-3FB9-4036-97D7-652C6ADCC5C9"
},
{
"criteria": "cpe:2.3:a:cs-cart:cs-cart:2.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "24A42E28-C26D-45EF-AAE4-DACFB5985F9D"
},
{
"criteria": "cpe:2.3:a:cs-cart:cs-cart:2.0:beta:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "A5FA82CA-6192-4339-89BB-6AE5603CBAE1"
},
{
"criteria": "cpe:2.3:a:cs-cart:cs-cart:2.0:beta2:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "31CEA327-84CE-4B4C-8D27-242EB22A6B4B"
},
{
"criteria": "cpe:2.3:a:cs-cart:cs-cart:2.0:beta3:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "CC2AB928-9018-4264-A139-1C3826B4F86B"
},
{
"criteria": "cpe:2.3:a:cs-cart:cs-cart:2.0:rc:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "16980629-1BF0-4ADE-918B-824C6B1AFCB1"
},
{
"criteria": "cpe:2.3:a:cs-cart:cs-cart:2.0.4:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E17EEE6D-48BD-4BEA-9246-CA3FF6A032C4"
}
],
"operator": "OR"
}
]
}
]