Vulnerability Details CVE-2009-2366
SQL injection vulnerability in login.asp in DataCheck Solutions ForumPal FE 1.1 and ForumPal 1.5 allows remote attackers to execute arbitrary SQL commands via the (1) password parameter in 1.1 and (2) p_password parameter in 1.5. NOTE: some of these details are obtained from third party information.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 61.3%
CVSS Severity
CVSS v2 Score 7.5
References
- http://secunia.com/advisories/35589
- http://secunia.com/advisories/35603
- http://www.exploit-db.com/exploits/9024
- http://www.osvdb.org/55496
- http://www.osvdb.org/55497
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51403
- http://secunia.com/advisories/35589
- http://secunia.com/advisories/35603
- http://www.exploit-db.com/exploits/9024
- http://www.osvdb.org/55496
- http://www.osvdb.org/55497
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51403
Products affected by CVE-2009-2366
-
cpe:2.3:a:datachecknh:forumpal:1.5
-
cpe:2.3:a:datachecknh:forumpal_fe:1.1