CVE-2009-1742 - Vulnerability Details - OpenCVE

code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON" string, which is collapsed into "UNION" by the filter_sql function.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Pc4arb	Pc4 Uploader

Configuration 1 [-]

cpe:2.3:a:pc4arb:pc4_uploader:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://osvdb.org/54572
http://secunia.com/advisories/35122
http://www.securityfocus.com/bid/35004
http://www.vupen.com/english/advisories/2009/1364
https://exchange.xforce.ibmcloud.com/vulnerabilities/50586
https://www.exploit-db.com/exploits/8709

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-05-20T19:00:00

Updated: 2024-08-07T05:20:35.331Z

Reserved: 2009-05-20T00:00:00

Link: CVE-2009-1742

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-05-20T19:30:00.407

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-1742

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-05-18T00:00:00", "descriptions": [{"lang": "en", "value": "code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the \"UNIunionON\" string, which is collapsed into \"UNION\" by the filter_sql function."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-09-28T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "54572", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/54572"}, {"name": "35122", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/35122"}, {"name": "8709", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/8709"}, {"name": "35004", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/35004"}, {"name": "ADV-2009-1364", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/1364"}, {"name": "pc4uploader-code-sql-injection(50586)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50586"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "[email protected]", "ID": "CVE-2009-1742", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the \"UNIunionON\" string, which is collapsed into \"UNION\" by the filter_sql function."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "54572", "refsource": "OSVDB", "url": "http://osvdb.org/54572"}, {"name": "35122", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/35122"}, {"name": "8709", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/8709"}, {"name": "35004", "refsource": "BID", "url": "http://www.securityfocus.com/bid/35004"}, {"name": "ADV-2009-1364", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/1364"}, {"name": "pc4uploader-code-sql-injection(50586)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50586"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T05:20:35.331Z"}, "title": "CVE Program Container", "references": [{"name": "54572", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/54572"}, {"name": "35122", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/35122"}, {"name": "8709", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/8709"}, {"name": "35004", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/35004"}, {"name": "ADV-2009-1364", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/1364"}, {"name": "pc4uploader-code-sql-injection(50586)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50586"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-1742", "datePublished": "2009-05-20T19:00:00", "dateReserved": "2009-05-20T00:00:00", "dateUpdated": "2024-08-07T05:20:35.331Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pc4arb:pc4_uploader:*:*:*:*:*:*:*:*", "matchCriteriaId": "4B561086-F1AB-41C8-BB09-91CD800C39F0", "versionEndIncluding": "9.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the \"UNIunionON\" string, which is collapsed into \"UNION\" by the filter_sql function."}, {"lang": "es", "value": "code.php en PC4Arb Pc4 Uploader v9.0 y anteriores, hace m\u00e1s f\u00e1cil para atacantes remotos llevar a cabo ataques de inyecci\u00f3n SQL a trav\u00e9s de una secuencia de palabras clave manipuladas que son borradas desde un filtro en el par\u00e1metro id en una acci\u00f3n de un banner, como se demuestra a trav\u00e9s de la cadena \"UniunionON\", lo que colapsa dentro \"UNION\" por la funci\u00f3n filter_sql."}], "id": "CVE-2009-1742", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "[email protected]", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-05-20T19:30:00.407", "references": [{"source": "[email protected]", "tags": ["Exploit"], "url": "http://osvdb.org/54572"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35122"}, {"source": "[email protected]", "url": "http://www.securityfocus.com/bid/35004"}, {"source": "[email protected]", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1364"}, {"source": "[email protected]", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50586"}, {"source": "[email protected]", "url": "https://www.exploit-db.com/exploits/8709"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://osvdb.org/54572"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/35122"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/35004"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://www.vupen.com/english/advisories/2009/1364"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/50586"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/8709"}], "sourceIdentifier": "[email protected]", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "[email protected]", "type": "Primary"}]}