PT-2010-1601 · Bandsite · Bandsite Cms

Sirgod

Published

2010-04-22

Updated

2017-09-19

CVE-2009-4792

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions BandSite CMS version 1.1.4

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the memid parameter to the "members.php" endpoint.

Recommendations For BandSite CMS version 1.1.4, consider restricting access to the members.php endpoint until a patch is available, and avoid using the memid parameter in this endpoint to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2009-4792

Affected Products

Bandsite Cms

PT-2010-1601 · Bandsite · Bandsite Cms

CVE-2009-4792

Weakness Enumeration

Related Identifiers

Affected Products

References · 5