PT-2009-4248 · Bigace · Bigace Cms

Yenh4Cker

Published

2009-05-22

Updated

2018-10-10

CVE-2009-1778

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:M/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions: BigACE CMS version 2.5

Description: The issue concerns a SQL injection vulnerability in the new user registration feature. This vulnerability allows remote attackers to execute arbitrary SQL commands via the username parameter when magic quotes gpc is disabled.

Recommendations: For BigACE CMS version 2.5, consider disabling the new user registration feature until a patch is available, or ensure that magic quotes gpc is enabled to mitigate the risk of SQL injection attacks. Additionally, restrict access to the registration feature to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2009-1778

Affected Products

Bigace Cms

PT-2009-4248 · Bigace · Bigace Cms

CVE-2009-1778

Weakness Enumeration

Related Identifiers

Affected Products

References · 7