CVE-2009-2439 - OpenCVE

Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by a third party; it is not associated with alibaba.com or the Alibaba Group.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Web Development House	Alibaba Clone

Configuration 1 [-]

cpe:2.3:a:web_development_house:alibaba_clone:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://packetstormsecurity.org/0907-exploits/alibabaclone-sql.txt
http://secunia.com/advisories/35741
http://www.vupen.com/english/advisories/2009/1838

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-07-13T14:00:00

Updated: 2024-08-07T05:52:14.775Z

Reserved: 2009-07-13T00:00:00

Link: CVE-2009-2439

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2009-07-13T14:30:00.297

Modified: 2010-02-13T05:00:00.000

Link: CVE-2009-2439

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-07-09T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by a third party; it is not associated with alibaba.com or the Alibaba Group."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2010-02-13T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "ADV-2009-1838", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1838"}, {"name": "35741", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35741"}, {"tags": ["x_refsource_MISC"], "url": "http://packetstormsecurity.org/0907-exploits/alibabaclone-sql.txt"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-2439", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by a third party; it is not associated with alibaba.com or the Alibaba Group."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "ADV-2009-1838", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1838"}, {"name": "35741", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35741"}, {"name": "http://packetstormsecurity.org/0907-exploits/alibabaclone-sql.txt", "refsource": "MISC", "url": "http://packetstormsecurity.org/0907-exploits/alibabaclone-sql.txt"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:52:14.775Z"}, "title": "CVE Program Container", "references": [{"name": "ADV-2009-1838", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1838"}, {"name": "35741", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35741"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://packetstormsecurity.org/0907-exploits/alibabaclone-sql.txt"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-2439", "datePublished": "2009-07-13T14:00:00", "dateReserved": "2009-07-13T00:00:00", "dateUpdated": "2024-08-07T05:52:14.775Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:web_development_house:alibaba_clone:*:*:*:*:*:*:*:*", "matchCriteriaId": "40C8CCA5-B271-43B5-AA90-CD5D59DB527C", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in Web Development House Alibaba Clone allow remote attackers to execute arbitrary SQL commands via the (1) IndustryID parameter to category.php and the (2) SellerID parameter to supplier/view_contact_details.php. NOTE: this is a product that was developed by a third party; it is not associated with alibaba.com or the Alibaba Group."}, {"lang": "es", "value": "Varias vulnerabilidades de inyecci\u00f3n SQL en Web Development House Alibaba Clone, permite a los atacantes remotos ejecutar comandos SQL arbitrarios por medio del (1) par\u00e1metro IndustryID en category.php y el (2) par\u00e1metro SellerID en supplier/view_contact_details.php. NOTA: este es un producto que fue desarrollado por un tercero; no est\u00e1 asociado con alibaba.com o el Grupo Alibaba."}], "id": "CVE-2009-2439", "lastModified": "2010-02-13T05:00:00.000", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-07-13T14:30:00.297", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://packetstormsecurity.org/0907-exploits/alibabaclone-sql.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35741"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1838"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}