CVE-2009-0402

SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname, (2) christname, (3) company_name, (4) is_company, (5) email, (6) phone, (7) fax, (8) addr1, (9) addr2, (10) addr3, (11) zipcode, (12) city, (13) state, (14) country, and (15) vat_num parameters.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 71%
VendorProductVersion
gplhostdomain_technologie_control
𝑥
≤ 0.29.8
gplhostdomain_technologie_control
0.26.7
gplhostdomain_technologie_control
0.26.8
gplhostdomain_technologie_control
0.26.9
gplhostdomain_technologie_control
0.27.3
gplhostdomain_technologie_control
0.28.2
gplhostdomain_technologie_control
0.28.3
gplhostdomain_technologie_control
0.28.10
gplhostdomain_technologie_control
0.29.1
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://freshmeat.net/projects/dtc/?branch_id=22759&release_id=292973
http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=056e1d1849ff3aa183a410e2aab1c1c3e969247d
http://osvdb.org/51631
http://secunia.com/advisories/33698
http://www.securityfocus.com/bid/33496
https://exchange.xforce.ibmcloud.com/vulnerabilities/48292
http://freshmeat.net/projects/dtc/?branch_id=22759&release_id=292973
http://git.gplhost.com/gitweb/?p=dtc.git%3Ba=commitdiff%3Bh=056e1d1849ff3aa183a410e2aab1c1c3e969247d
http://osvdb.org/51631
http://secunia.com/advisories/33698
http://www.securityfocus.com/bid/33496
https://exchange.xforce.ibmcloud.com/vulnerabilities/48292