CVEブラウザに戻る

CVE-2009-3758

HIGH

7.5

CVSS Severity Score

EPSS Score0.1550%

EPSS Percentile26.95th

Published2009年10月22日

Last Modified2026年4月23日

Vulnerability Description

SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

📦

Citrix

Xencenterweb

All versions

References & Advisories

🔗 http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt

🔗 http://securitytracker.com/id?1022520

🔗 http://www.exploit-db.com/exploits/9106

🔗 http://www.securityfocus.com/archive/1/504764

🔗 http://www.securityfocus.com/bid/35592

🔗 http://www.vupen.com/english/advisories/2009/1814

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/51574

🔗 http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt

関連する脆弱性情報

CVE-2009-37598.8

Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb all...

CVE-2009-37607.5

Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenter...

CVE-2009-37574.3

Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remo...

CVE-2009-227110.0

The Huawei D100 has (1) a certain default administrator password for the web interface, and does not force a password change; and ...