CVE-2009-2123

Multiple SQL injection vulnerabilities in Elvin 1.2.0 allow remote attackers to execute arbitrary SQL commands via the (1) inUser (aka Username) and (2) inPass (aka Password) parameters to (a) inc/login.ei, reachable through login.php; and the (3) id parameter to (b) show_bug.php and (c) show_activity.php.  NOTE: it was later reported that vector 3c also affects 1.2.2.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 58%
VendorProductVersion
elvinbtselvinbts
1.2.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://secunia.com/advisories/35486
https://www.exploit-db.com/exploits/8953
https://www.exploit-db.com/exploits/9342
http://secunia.com/advisories/35486
https://www.exploit-db.com/exploits/8953
https://www.exploit-db.com/exploits/9342