CVE-2009-1347
Published: 2009-04-20
Priority: P3 | 40 | medium | 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 0.96% (57.0th percentile)
Multiple SQL injection vulnerabilities in stats/index.php in chCounter 3.1.3 allow remote attackers to execute arbitrary SQL commands via (1) the login_name parameter (aka the username field) or (2) the login_pw parameter (aka the password field).
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| chcounter | chcounter | — | — |
CVSS provenance
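| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | — | 7.8 | HIGH | — |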
No detection rules found.
Exploit-DB
chCounter - indirect SQL Injection / Cross-Site Scripting
exploitdb·2010-04-29
CVE-2009-1362 chCounter - indirect SQL Injection / Cross-Site Scripting
---
# Exploit Title: chCounter indirect SQL Injection and XSS Vulnerabilities
# Date: 29.04.2010
# Author: Valentin
# Category: webapps/0day
# Version: 3.1.1
# Tested on: Debian, Apache2, PHP5, MySQL5
# CVE :
# Code :
[:::::::::::::::::::::::::::::::::::::: 0x1 ::::::::::::::::::::::::::::::::::::::]
>> General Information
Advisory/Exploit Title = chCounter indirect SQL Injection and XSS Vulnerabilities
Author = Valentin Hoebel
Contact = [email protected]
[:::::::::::::::::::::::::::::::::::::: 0x2 ::::::::::::::::::::::::::::::::::::::]
>> Product information
Name = chCounter
Vendors = Berti, Christoph Bachner
Vendor Website = http://chcounter.org/
Affected Version(s) = 3.1.1
chCounter is a counter tool. Simply implement
Exploit-DB
chCounter 3.1.3 - Authentication Bypass
exploitdb·2009-04-16
CVE-2009-1362 chCounter 3.1.3 - Authentication Bypass
---
########################################################################################################################
#chCounter 3.1.3 Login Bypass
#=======================================================================================================================
#
#Critical Level : Dangerous
#
#Vendor site : http://chcounter.org/
#
#Download : http://chcounter.org/chCounter3/getfile.php?id=5
#
#dorks: "chCounter 3.1.3" Künftig automatisch einloggen or "chCounter 3.1.3"
#
#=======================================================================================================================
#
#
#Information :
#--------------------------------
#Need: magic quotes = off
#
#Exploit :
#--------------------------------
#
#http://www.[URL]//
No writeups or analysis indexed.
2009-04-20: Published