CVE-2009-3961
Published Nov 17, 2009
Last updated 15 years ago
Overview
- Description
- SQL injection vulnerability in user.php in Super Serious Stats (aka superseriousstats) before 1.1.2p1 allows remote attackers to execute arbitrary SQL commands via the uid parameter, related to an "incorrect regexp." NOTE: some of these details are obtained from third party information.
- Source
- cve@mitre.org
- NVD status
- Modified
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
Weaknesses
- nvd@nist.gov
- CWE-89
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:jos_de_ruijter:superseriousstats:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E67DC620-75B6-4432-871D-312885277899",
"versionEndIncluding": "1.1.2"
},
{
"criteria": "cpe:2.3:a:jos_de_ruijter:superseriousstats:1.0.13:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "32A6FFBE-936F-497E-A057-964937F0A8BF"
},
{
"criteria": "cpe:2.3:a:jos_de_ruijter:superseriousstats:1.0.14:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "D1FB0BA3-7D35-430B-AC9C-82A6770C7AAE"
},
{
"criteria": "cpe:2.3:a:jos_de_ruijter:superseriousstats:1.0.15:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0BADEA01-DA2C-4E6F-81BF-0C5D861AE6E7"
},
{
"criteria": "cpe:2.3:a:jos_de_ruijter:superseriousstats:1.0.16:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "8718D0DA-9803-4265-8848-54A00055E671"
},
{
"criteria": "cpe:2.3:a:jos_de_ruijter:superseriousstats:1.1.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1D07DAB5-39E0-4758-BD42-7DB4C71D8DC6"
},
{
"criteria": "cpe:2.3:a:jos_de_ruijter:superseriousstats:1.1.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E23D3D44-6423-4C3E-8E96-932786D4A610"
}
],
"operator": "OR"
}
]
}
]