CVE-2009-1657: SQL Injection
First published: Mon May 18 2009(Updated: )
Multiple SQL injection vulnerabilities in the Starrating plugin before 0.7.7 for b2evolution allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Evolution | ||
| B2evolution | <=0.7.6 | |
| B2evolution | =0.6 | |
| B2evolution | =0.7 | |
| B2evolution | =0.7.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2009-1657?
CVE-2009-1657 is classified as a high-severity vulnerability due to its potential for remote code execution through SQL injection.
How do I fix CVE-2009-1657?
To fix CVE-2009-1657, update the Starrating plugin to version 0.7.7 or later.
What are the exploitation vectors for CVE-2009-1657?
CVE-2009-1657 can be exploited via various unspecified vectors allowing attackers to execute arbitrary SQL commands.
Which versions of the Starrating plugin are affected by CVE-2009-1657?
CVE-2009-1657 affects Starrating plugin versions 0.6 through 0.7.6.
Can CVE-2009-1657 be mitigated without upgrading the software?
Mitigation of CVE-2009-1657 is limited without upgrading, but implementing strict input validation may reduce risk.
- collector/nvd-historical
- agent/type
- agent/event
- agent/last-modified-date
- agent/first-publish-date
- agent/remedy
- agent/references
- agent/weakness
- agent/severity
- agent/author
- agent/description
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/b2evolution
- canonical/evolution
- canonical/b2evolution
- version/b2evolution/0.7.6
- version/b2evolution/0.6
- version/b2evolution/0.7
- version/b2evolution/0.7.5