cpe:/a:sigsiu.net:sobi2:2.8.2:rc CVE-2009-0380 2009-02-02T14:00:00.297-05:00 2017-09-28T21:33:47.293-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-02-02T14:14:00.000-05:00 ALLOWS_OTHER_ACCESS VIM 20090130 SOBI2 showbiz SQL injection - false, or site-specific BID 33378 EXPLOIT-DB 7841 XF sobi2-bid-sql-injection(48131) ** DISPUTED ** SQL injection vulnerability in the Sigsiu Online Business Index 2 (SOBI2, com_sobi2) RC 2.8.2 component for Joomla! and Mambo allows remote attackers to execute arbitrary SQL commands via the bid parameter in a showbiz action to index.php, a different vector than CVE-2008-0607. NOTE: CVE disputes this issue, since neither "showbiz" nor "bid" appears in the source code for SOBI2.