CVE-2009-0962

Unspecified vulnerability in Futomi's CGI Cafe MP Form Mail CGI eCommerce 1.3.0 and earlier, and CGI Professional 3.2.2 and earlier, allows remote attackers to gain administrative privileges via unknown attack vectors.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://www.securityfocus.com/bid/34071
http://www.futomi.com/library/info/2009/20090310.html	Vendor Advisory
http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000014.html
http://secunia.com/advisories/34197	Vendor Advisory
http://jvn.jp/en/jp/JVN84899898/index.html
http://osvdb.org/52527
https://exchange.xforce.ibmcloud.com/vulnerabilities/49180
https://exchange.xforce.ibmcloud.com/vulnerabilities/49179

Advertisement

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:futomi:mp_form_mail_cgi::-:ecommerce:::::
	cpe:2.3:a:futomi:mp_form_mail_cgi::-:pro:::::

Information

Published : 2009-03-18 17:30

Updated : 2017-08-16 18:30

NVD link : CVE-2009-0962

Mitre link : CVE-2009-0962

JSON object : View

CWE

NVD-CWE-noinfo

Advertisement

Products Affected

futomi

mp_form_mail_cgi

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.securityfocus.com/bid/34071", "name": "34071", "tags": [], "refsource": "BID"}, {"url": "http://www.futomi.com/library/info/2009/20090310.html", "name": "http://www.futomi.com/library/info/2009/20090310.html", "tags": ["Vendor Advisory"], "refsource": "CONFIRM"}, {"url": "http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-000014.html", "name": "JVNDB-2009-000014", "tags": [], "refsource": "JVNDB"}, {"url": "http://secunia.com/advisories/34197", "name": "34197", "tags": ["Vendor Advisory"], "refsource": "SECUNIA"}, {"url": "http://jvn.jp/en/jp/JVN84899898/index.html", "name": "JVN#84899898", "tags": [], "refsource": "JVN"}, {"url": "http://osvdb.org/52527", "name": "52527", "tags": [], "refsource": "OSVDB"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49180", "name": "mpformmailcgi-pro-unspecified-sec-bypass(49180)", "tags": [], "refsource": "XF"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/49179", "name": "mpformmailcgi-ecom-unspecified-sec-bypass(49179)", "tags": [], "refsource": "XF"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "Unspecified vulnerability in Futomi's CGI Cafe MP Form Mail CGI eCommerce 1.3.0 and earlier, and CGI Professional 3.2.2 and earlier, allows remote attackers to gain administrative privileges via unknown attack vectors."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2009-0962", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "severity": "HIGH", "impactScore": 6.4, "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}}, "publishedDate": "2009-03-19T00:30Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:futomi:mp_form_mail_cgi:*:-:ecommerce:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "1.3.0"}, {"cpe23Uri": "cpe:2.3:a:futomi:mp_form_mail_cgi:*:-:pro:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndIncluding": "3.2.2"}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2017-08-17T01:30Z"}