CVE-2009-0252

EUVD-2009-0260
Multiple SQL injection vulnerabilities in default.asp in Enthrallweb eReservations allow remote attackers to execute arbitrary SQL commands via the (1) Login parameter (aka username field) or the (2) Password parameter (aka password field).  NOTE: some of these details are obtained from third party information.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
enthrallwebereservations
*
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://osvdb.org/51456
http://secunia.com/advisories/33578
http://www.securityfocus.com/bid/33321
https://exchange.xforce.ibmcloud.com/vulnerabilities/48062
https://www.exploit-db.com/exploits/7801
http://osvdb.org/51456
http://secunia.com/advisories/33578
http://www.securityfocus.com/bid/33321
https://exchange.xforce.ibmcloud.com/vulnerabilities/48062
https://www.exploit-db.com/exploits/7801