Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
4 vulnerabilities by 4site
CVE-2010-4152 (GCVE-0-2010-4152)
Vulnerability from nvd – Published: 2010-11-03 19:00 – Updated: 2024-08-07 03:34
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/514376/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.htbridge.ch/advisory/sql_injection_in_… | x_refsource_MISC |
| http://secunia.com/advisories/33733 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/44258 | vdb-entryx_refsource_BID |
Date Public
2010-10-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20101019 SQL Injection in 4site CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514376/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html"
},
{
"name": "33733",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33733"
},
{
"name": "44258",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/44258"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20101019 SQL Injection in 4site CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514376/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html"
},
{
"name": "33733",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33733"
},
{
"name": "44258",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/44258"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20101019 SQL Injection in 4site CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514376/100/0/threaded"
},
{
"name": "http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html"
},
{
"name": "33733",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33733"
},
{
"name": "44258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44258"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4152",
"datePublished": "2010-11-03T19:00:00.000Z",
"dateReserved": "2010-11-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:34:37.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0646 (GCVE-0-2009-0646)
Vulnerability from nvd – Published: 2009-02-18 23:00 – Updated: 2024-08-07 04:40
VLAI
EPSS
VEX
Summary
Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to portfolio/index.shtml, (6) h parameter to hotel/index.php, (7) id parameter to news/news1.shtml, and the (8) th parameter to faq/index.shtml.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/514376/100… | mailing-listx_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/7964 | exploitx_refsource_EXPLOIT-DB |
| http://wsec.ru/wsec-09-002-4site-cms-26-multiple-… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/51806 | vdb-entryx_refsource_OSVDB |
| http://www.htbridge.ch/advisory/sql_injection_in_… | x_refsource_MISC |
| http://www.osvdb.org/51809 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/33594 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/51808 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/51807 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/33733 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2009-02-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4sitecms-hotels-sql-injection(48486)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48486"
},
{
"name": "20101019 SQL Injection in 4site CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514376/100/0/threaded"
},
{
"name": "7964",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7964"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wsec.ru/wsec-09-002-4site-cms-26-multiple-sql-injections/"
},
{
"name": "4sitecms-pages-sql-injection(48483)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48483"
},
{
"name": "51806",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/51806"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html"
},
{
"name": "51809",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/51809"
},
{
"name": "4sitecms-faq-sql-injection(48488)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48488"
},
{
"name": "33594",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33594"
},
{
"name": "51808",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/51808"
},
{
"name": "51807",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/51807"
},
{
"name": "33733",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33733"
},
{
"name": "4sitecms-news-sql-injection(48487)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48487"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to portfolio/index.shtml, (6) h parameter to hotel/index.php, (7) id parameter to news/news1.shtml, and the (8) th parameter to faq/index.shtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4sitecms-hotels-sql-injection(48486)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48486"
},
{
"name": "20101019 SQL Injection in 4site CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514376/100/0/threaded"
},
{
"name": "7964",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7964"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wsec.ru/wsec-09-002-4site-cms-26-multiple-sql-injections/"
},
{
"name": "4sitecms-pages-sql-injection(48483)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48483"
},
{
"name": "51806",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/51806"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html"
},
{
"name": "51809",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/51809"
},
{
"name": "4sitecms-faq-sql-injection(48488)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48488"
},
{
"name": "33594",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33594"
},
{
"name": "51808",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/51808"
},
{
"name": "51807",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/51807"
},
{
"name": "33733",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33733"
},
{
"name": "4sitecms-news-sql-injection(48487)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48487"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to portfolio/index.shtml, (6) h parameter to hotel/index.php, (7) id parameter to news/news1.shtml, and the (8) th parameter to faq/index.shtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4sitecms-hotels-sql-injection(48486)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48486"
},
{
"name": "20101019 SQL Injection in 4site CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514376/100/0/threaded"
},
{
"name": "7964",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7964"
},
{
"name": "http://wsec.ru/wsec-09-002-4site-cms-26-multiple-sql-injections/",
"refsource": "MISC",
"url": "http://wsec.ru/wsec-09-002-4site-cms-26-multiple-sql-injections/"
},
{
"name": "4sitecms-pages-sql-injection(48483)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48483"
},
{
"name": "51806",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/51806"
},
{
"name": "http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html"
},
{
"name": "51809",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/51809"
},
{
"name": "4sitecms-faq-sql-injection(48488)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48488"
},
{
"name": "33594",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33594"
},
{
"name": "51808",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/51808"
},
{
"name": "51807",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/51807"
},
{
"name": "33733",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33733"
},
{
"name": "4sitecms-news-sql-injection(48487)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48487"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0646",
"datePublished": "2009-02-18T23:00:00.000Z",
"dateReserved": "2009-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:40:05.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2010-4152 (GCVE-0-2010-4152)
Vulnerability from cvelistv5 – Published: 2010-11-03 19:00 – Updated: 2024-08-07 03:34
VLAI
EPSS
VEX
Summary
SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://www.securityfocus.com/archive/1/514376/100… | mailing-listx_refsource_BUGTRAQ |
| http://www.htbridge.ch/advisory/sql_injection_in_… | x_refsource_MISC |
| http://secunia.com/advisories/33733 | third-party-advisoryx_refsource_SECUNIA |
| http://www.securityfocus.com/bid/44258 | vdb-entryx_refsource_BID |
Date Public
2010-10-19 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T03:34:37.685Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20101019 SQL Injection in 4site CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514376/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html"
},
{
"name": "33733",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33733"
},
{
"name": "44258",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/44258"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2010-10-19T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20101019 SQL Injection in 4site CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514376/100/0/threaded"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html"
},
{
"name": "33733",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33733"
},
{
"name": "44258",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/44258"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2010-4152",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20101019 SQL Injection in 4site CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514376/100/0/threaded"
},
{
"name": "http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html"
},
{
"name": "33733",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33733"
},
{
"name": "44258",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/44258"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2010-4152",
"datePublished": "2010-11-03T19:00:00.000Z",
"dateReserved": "2010-11-03T00:00:00.000Z",
"dateUpdated": "2024-08-07T03:34:37.685Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-0646 (GCVE-0-2009-0646)
Vulnerability from cvelistv5 – Published: 2009-02-18 23:00 – Updated: 2024-08-07 04:40
VLAI
EPSS
VEX
Summary
Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to portfolio/index.shtml, (6) h parameter to hotel/index.php, (7) id parameter to news/news1.shtml, and the (8) th parameter to faq/index.shtml.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
14 references
| URL | Tags |
|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/archive/1/514376/100… | mailing-listx_refsource_BUGTRAQ |
| https://www.exploit-db.com/exploits/7964 | exploitx_refsource_EXPLOIT-DB |
| http://wsec.ru/wsec-09-002-4site-cms-26-multiple-… | x_refsource_MISC |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.osvdb.org/51806 | vdb-entryx_refsource_OSVDB |
| http://www.htbridge.ch/advisory/sql_injection_in_… | x_refsource_MISC |
| http://www.osvdb.org/51809 | vdb-entryx_refsource_OSVDB |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
| http://www.securityfocus.com/bid/33594 | vdb-entryx_refsource_BID |
| http://www.osvdb.org/51808 | vdb-entryx_refsource_OSVDB |
| http://www.osvdb.org/51807 | vdb-entryx_refsource_OSVDB |
| http://secunia.com/advisories/33733 | third-party-advisoryx_refsource_SECUNIA |
| https://exchange.xforce.ibmcloud.com/vulnerabilit… | vdb-entryx_refsource_XF |
Date Public
2009-02-03 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:40:05.113Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "4sitecms-hotels-sql-injection(48486)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48486"
},
{
"name": "20101019 SQL Injection in 4site CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://www.securityfocus.com/archive/1/514376/100/0/threaded"
},
{
"name": "7964",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB",
"x_transferred"
],
"url": "https://www.exploit-db.com/exploits/7964"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://wsec.ru/wsec-09-002-4site-cms-26-multiple-sql-injections/"
},
{
"name": "4sitecms-pages-sql-injection(48483)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48483"
},
{
"name": "51806",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/51806"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html"
},
{
"name": "51809",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/51809"
},
{
"name": "4sitecms-faq-sql-injection(48488)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48488"
},
{
"name": "33594",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/33594"
},
{
"name": "51808",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/51808"
},
{
"name": "51807",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://www.osvdb.org/51807"
},
{
"name": "33733",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/33733"
},
{
"name": "4sitecms-news-sql-injection(48487)",
"tags": [
"vdb-entry",
"x_refsource_XF",
"x_transferred"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48487"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-03T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to portfolio/index.shtml, (6) h parameter to hotel/index.php, (7) id parameter to news/news1.shtml, and the (8) th parameter to faq/index.shtml."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2018-10-10T18:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "4sitecms-hotels-sql-injection(48486)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48486"
},
{
"name": "20101019 SQL Injection in 4site CMS",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://www.securityfocus.com/archive/1/514376/100/0/threaded"
},
{
"name": "7964",
"tags": [
"exploit",
"x_refsource_EXPLOIT-DB"
],
"url": "https://www.exploit-db.com/exploits/7964"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://wsec.ru/wsec-09-002-4site-cms-26-multiple-sql-injections/"
},
{
"name": "4sitecms-pages-sql-injection(48483)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48483"
},
{
"name": "51806",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/51806"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html"
},
{
"name": "51809",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/51809"
},
{
"name": "4sitecms-faq-sql-injection(48488)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48488"
},
{
"name": "33594",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/33594"
},
{
"name": "51808",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/51808"
},
{
"name": "51807",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://www.osvdb.org/51807"
},
{
"name": "33733",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/33733"
},
{
"name": "4sitecms-news-sql-injection(48487)",
"tags": [
"vdb-entry",
"x_refsource_XF"
],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48487"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-0646",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to portfolio/index.shtml, (6) h parameter to hotel/index.php, (7) id parameter to news/news1.shtml, and the (8) th parameter to faq/index.shtml."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "4sitecms-hotels-sql-injection(48486)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48486"
},
{
"name": "20101019 SQL Injection in 4site CMS",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/514376/100/0/threaded"
},
{
"name": "7964",
"refsource": "EXPLOIT-DB",
"url": "https://www.exploit-db.com/exploits/7964"
},
{
"name": "http://wsec.ru/wsec-09-002-4site-cms-26-multiple-sql-injections/",
"refsource": "MISC",
"url": "http://wsec.ru/wsec-09-002-4site-cms-26-multiple-sql-injections/"
},
{
"name": "4sitecms-pages-sql-injection(48483)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48483"
},
{
"name": "51806",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/51806"
},
{
"name": "http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html",
"refsource": "MISC",
"url": "http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html"
},
{
"name": "51809",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/51809"
},
{
"name": "4sitecms-faq-sql-injection(48488)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48488"
},
{
"name": "33594",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/33594"
},
{
"name": "51808",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/51808"
},
{
"name": "51807",
"refsource": "OSVDB",
"url": "http://www.osvdb.org/51807"
},
{
"name": "33733",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/33733"
},
{
"name": "4sitecms-news-sql-injection(48487)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48487"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-0646",
"datePublished": "2009-02-18T23:00:00.000Z",
"dateReserved": "2009-02-18T00:00:00.000Z",
"dateUpdated": "2024-08-07T04:40:05.113Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}