ID

VAR-200904-0554


CVE

CVE-2009-1480


TITLE

SQL injection vulnerability in index.php in Pragyan CMS

Trust: 0.8

sources: JVNDB: JVNDB-2009-005973

DESCRIPTION

SQL injection vulnerability in index.php in Pragyan CMS 2.6.4 allows remote attackers to execute arbitrary SQL commands via the fileget parameter in a view action and other unspecified vectors. Pragyan CMS is prone to multiple SQL-injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. Pragyan CMS 2.6.4 is vulnerable; other versions may also be affected.

Trust: 1.89

sources: NVD: CVE-2009-1480 // JVNDB: JVNDB-2009-005973 // BID: 34707

AFFECTED PRODUCTS

vendor: pragyan cms, model: pragyan cms, scope: eq, version: 2.6.4

Trust: 2.4

vendor: pragyan, model: cms pragyan cms, scope: eq, version: 2.6.4

Trust: 0.3

vendor: pragyan, model: cms pragyan cms, scope: eq, version: 2.6.2

Trust: 0.3

vendor: pragyan, model: cms pragyan cms, scope: ne, version: 3.0

Trust: 0.3

sources: BID: 34707 // JVNDB: JVNDB-2009-005973 // CNNVD: CNNVD-200904-543 // NVD: CVE-2009-1480

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2009-1480
value: HIGH

Trust: 1.0

NVD: CVE-2009-1480
value: HIGH

Trust: 0.8

CNNVD: CNNVD-200904-543
value: HIGH

Trust: 0.6

nvd@nist.gov: CVE-2009-1480
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

sources: JVNDB: JVNDB-2009-005973 // CNNVD: CNNVD-200904-543 // NVD: CVE-2009-1480

PROBLEMTYPE DATA

problemtype:CWE-89

Trust: 1.8

sources: JVNDB: JVNDB-2009-005973 // NVD: CVE-2009-1480

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-200904-543

TYPE

SQL injection

Trust: 0.6

sources: CNNVD: CNNVD-200904-543

CONFIGURATIONS

sources: JVNDB: JVNDB-2009-005973

PATCH

title: Pragyan CMS, url: http://sourceforge.net/projects/pragyan/

Trust: 0.8

sources: JVNDB: JVNDB-2009-005973

EXTERNAL IDS

db: NVD, id: CVE-2009-1480

Trust: 2.4

db: BID, id: 34707

Trust: 1.9

db: EXPLOIT-DB, id: 8533

Trust: 1.6

db: JVNDB, id: JVNDB-2009-005973

Trust: 0.8

db: BUGTRAQ, id: 20090424 PRAGYAN CMS 2.6.4 MULTIPLE SQL INJECTION VULNERABILITIES

Trust: 0.6

db: MILW0RM, id: 8533

Trust: 0.6

db: CNNVD, id: CNNVD-200904-543

Trust: 0.6

sources: BID: 34707 // JVNDB: JVNDB-2009-005973 // CNNVD: CNNVD-200904-543 // NVD: CVE-2009-1480

REFERENCES

url:http://www.securityfocus.com/bid/34707

Trust: 1.6

url:https://www.exploit-db.com/exploits/8533

Trust: 1.0

url:http://www.securityfocus.com/archive/1/502933/100/0/threaded

Trust: 1.0

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2009-1480

Trust: 0.8

url:http://web.nvd.nist.gov/view/vuln/detail?vulnid=cve-2009-1480

Trust: 0.8

url:http://www.securityfocus.com/archive/1/archive/1/502933/100/0/threaded

Trust: 0.6

url:http://www.milw0rm.com/exploits/8533

Trust: 0.6

url:http://sourceforge.net/projects/pragyan/

Trust: 0.3

url:/archive/1/502933

Trust: 0.3

url:/archive/1/512953

Trust: 0.3

sources: BID: 34707 // JVNDB: JVNDB-2009-005973 // CNNVD: CNNVD-200904-543 // NVD: CVE-2009-1480

CREDITS

Salvatore "drosophila" Fresta

Trust: 0.9

sources: BID: 34707 // CNNVD: CNNVD-200904-543

SOURCES

db: BID, id: 34707
db: JVNDB, id: JVNDB-2009-005973
db: CNNVD, id: CNNVD-200904-543
db: NVD, id: CVE-2009-1480

LAST UPDATE DATE

2025-04-10T23:12:54.442000+00:00


SOURCES UPDATE DATE

db: BID, id: 34707, date: 2010-08-09T16:15:00
db: JVNDB, id: JVNDB-2009-005973, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200904-543, date: 2009-04-29T00:00:00
db: NVD, id: CVE-2009-1480, date: 2025-04-09T00:30:58.490

SOURCES RELEASE DATE

db: BID, id: 34707, date: 2009-04-24T00:00:00
db: JVNDB, id: JVNDB-2009-005973, date: 2012-12-20T00:00:00
db: CNNVD, id: CNNVD-200904-543, date: 2009-04-29T00:00:00
db: NVD, id: CVE-2009-1480, date: 2009-04-29T18:30:00.327