CVE

Id
40940  
CVE No.
CVE-2009-3505  
Status
Candidate  
Description
SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. NOTE: the game_id vector is already covered by CVE-2008-4460.  
Phase
Assigned (20090930)  
Votes
None (candidate not yet proposed)  
Comments
 

Actions

Related CVE References

Id CVE Id CVE No. Reference Actions
448359 40940 CVE-2009-3505 MISC:http://packetstormsecurity.org/0909-exploits/mmorpgzone-sql.txt  View
448360 40940 CVE-2009-3505 BID:36483  View
448361 40940 CVE-2009-3505 URL:http://www.securityfocus.com/bid/36483  View
448362 40940 CVE-2009-3505 VUPEN:ADV-2009-2734  View
448363 40940 CVE-2009-3505 URL:http://www.vupen.com/english/advisories/2009/2734  View
448364 40940 CVE-2009-3505 XF:mmorpgzone-viewnews-sql-injection(53436)  View

Related JVN

Id JVN No. Title Summary CVE No. CVE Id CVSS_v2 CVSS_v3 JVN URL Actions
42805 JVNDB-2009-003812 CJ Dinamic Poll PRO の admin/admin_index.php におけるクロスサイトスクリプティングの脆弱性 CJ Dinamic Poll PRO の admin/admin_index.php には、クロスサイトスクリプティングの脆弱性が存在します。 CVE-2009-3509 40940 4.3 http://jvndb.jvn.jp/ja/contents/2009/JVNDB-2009-003812.html  View