SecPod SCAP Repo, a repository of SCAP Content (CVE, CCE, CPE, CWE, OVAL and XCCDF)

Download | Alert*

CVE

CVE-2009-1661

SQL injection vulnerability in admin/utopic.php in uTopic 1.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the rating parameter to index.php.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:		CVSS V2 Severity:
CVSS Score :		CVSS Score : 6.8
Exploit Score:		Exploit Score: 8.6
Impact Score:		Impact Score: 6.4

CVSS V3 Metrics:		CVSS V2 Metrics:
Attack Vector:		Access Vector: NETWORK
Attack Complexity:		Access Complexity: MEDIUM
Privileges Required:		Authentication: NONE
User Interaction:		Confidentiality: PARTIAL
Scope:		Integrity: PARTIAL
Confidentiality:		Availability: PARTIAL
Integrity:
Availability:

Reference:

http://www.securityfocus.com/archive/1/archive/1/503422/100/0/threaded

http://sourceforge.net/project/shownotes.php?group_id=261386&release_id=680474

microtopic-rating-sql-injection(50428)


24128



131573



110139



909



85964



136