CVE-2009-4628

Опубликовано: 18 янв. 2010

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

SQL injection vulnerability in the TemplatePlaza.com TPDugg (com_tpdugg) component 1.1 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a tags action to index.php.

Ссылки

http://evilc0de.blogspot.com/2009/09/tpdugg-joomla-component-11-blind-sql.html
Exploit
http://osvdb.org/57894
http://secunia.com/advisories/36656
Vendor Advisory
http://www.exploit-db.com/exploits/9602
http://www.securityfocus.com/bid/36321
http://www.templateplazza.com/extensions-updates/tpdugg-component-update-v-1.1.1.html
Patch
http://www.vupen.com/english/advisories/2009/2610
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/53108
http://evilc0de.blogspot.com/2009/09/tpdugg-joomla-component-11-blind-sql.html
Exploit
http://osvdb.org/57894
http://secunia.com/advisories/36656
Vendor Advisory
http://www.exploit-db.com/exploits/9602
http://www.securityfocus.com/bid/36321
http://www.templateplazza.com/extensions-updates/tpdugg-component-update-v-1.1.1.html
Patch
http://www.vupen.com/english/advisories/2009/2610
Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/53108

Уязвимые конфигурации

Конфигурация 1

Одновременно

cpe:2.3:a:templateplaza:com_tpdugg:1.1:*:*:*:*:*:*:*

cpe:2.3:a:joomla:joomla\!:*:*:*:*:*:*:*:*

EPSS

Процентиль: 87%

0.03592

Низкий

7.5 High

CVSS2

Дефекты

CWE-89

Связанные уязвимости

GHSA-h894-7j79-c6vg

github

почти 4 года назад