CVE-2009-2308
PunBB Affiliates Mod 1.1 - Blind SQL Injection
- Severity Score: 7.5 (CVSS v2)
- Public Exploits: 4 (multiple sources)
- Exploited in Wild: - (KEV)
- Decision: - (SSVC)
Descriptions
Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or (2) out parameter.
*Credits:
N/A
Timeline
- 2009-06-30 First Exploit
- 2009-07-02 CVE Reserved
- 2009-07-02 CVE Published
- 2023-03-07 EPSS Updated
- 2024-08-07 CVE Updated
CWE
- CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
References (7)
URL | Tag | Source
---|---|---
http://www.osvdb.org/55478 | Vdb Entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/51437 | Vdb Entry |

URL | Date | SRC
---|---|---
https://www.exploit-db.com/exploits/9055 | 2009-06-30 |
http://packetstormsecurity.org/0906-exploits/punbbaffiliations-blindsql.txt | 2024-08-07 |
http://packetstormsecurity.org/0906-exploits/punbbaffiliationsin-blindsql.txt | 2024-08-07 |
http://www.exploit-db.com/exploits/9055 | 2024-08-07 |

URL | Date | SRC
---|---|---
http://secunia.com/advisories/35654 | 2017-09-19 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | | Vendor | Product | Version | Other | Status
---|---|---|---|---|---|---|---|---|---|---
Punres | Affiliates Mod | <= 1.1.0 | - | Affected | in | Punbb | Punbb | * | - | Safe
Punres | Affiliates Mod | 1.0.0 | - | Affected | in | Punbb | Punbb | * | - | Safe