Published: 09/04/2009 Updated: 29/09/2017

CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10

VMScore: 755

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and previous versions allows remote malicious users to execute arbitrary SQL commands via the glf_session cookie parameter.

Vulnerable Product	Search on Vulmon	Subscribe to Product
glfusion glfusion 1.0.1
glfusion glfusion 1.0.0
glfusion glfusion 1.1.1
glfusion glfusion 1.1.0
glfusion glfusion

<?php /* glFusion <= 112 COM_applyFilter()/cookies remote blind sql injection exploit by Nine:Situations:Group::bookoo our site: retrogodaltervistaorg/ software site: wwwglfusionorg/ google dork: "Page created in" "seconds by glFusion" +RSS Found another vector of injection in ...

CWE-89 http://marc.info/?l=bugtraq&m=123877379105028&w=2 http://secunia.com/advisories/34575 http://retrogod.altervista.org/9sg_glfuso_sql_cookies.html http://osvdb.org/53286 http://www.glfusion.org/wiki/doku.php?id=glfusion:whatsnew http://www.securityfocus.com/bid/34361 https://exchange.xforce.ibmcloud.com/vulnerabilities/49652 https://www.exploit-db.com/exploits/8347 https://nvd.nist.gov https://www.exploit-db.com/exploits/8347/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2009-1282

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect