CVE-2009-0730 - Vulnerability Details - OpenCVE

Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Gigcalendar	Com Gigcalendar
Joomla	Joomla
Mambo	Mambo

Configuration 1 [-]

AND

cpe:2.3:a:gigcalendar:com_gigcalendar:1.0:*:*:*:*:*:*:*

OR	cpe:2.3:a:joomla:joomla::::::::
	cpe:2.3:a:mambo:mambo::::::::

No data.

References

Link	Providers
http://www.securityfocus.com/archive/1/501174/100/0/threaded
http://www.securityfocus.com/archive/1/501175/100/0/threaded
http://www.securityfocus.com/archive/1/501176/100/0/threaded
http://www.securityfocus.com/bid/33859
http://www.securityfocus.com/bid/33863
https://exchange.xforce.ibmcloud.com/vulnerabilities/48865

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-02-24T23:00:00

Updated: 2024-08-07T04:48:51.621Z

Reserved: 2009-02-24T00:00:00

Link: CVE-2009-0730

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2009-02-24T23:30:03.860

Modified: 2025-04-09T00:30:58.490

Link: CVE-2009-0730

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-02-21T00:00:00", "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-10T18:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "20090221 gigCalendar 1.0 (venuedetails.php) Joomla Component SQL Injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/501175/100/0/threaded"}, {"name": "33859", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33859"}, {"name": "gigcalendar-venuedetails-sql-injection(48865)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48865"}, {"name": "20090221 gigCalendar 1.0 (banddetails.php) Joomla Component SQL Injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/501176/100/0/threaded"}, {"name": "20090221 gigCalendar Joomla Component 1.0 SQL Injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/501174/100/0/threaded"}, {"name": "33863", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33863"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0730", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "20090221 gigCalendar 1.0 (venuedetails.php) Joomla Component SQL Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/501175/100/0/threaded"}, {"name": "33859", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33859"}, {"name": "gigcalendar-venuedetails-sql-injection(48865)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48865"}, {"name": "20090221 gigCalendar 1.0 (banddetails.php) Joomla Component SQL Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/501176/100/0/threaded"}, {"name": "20090221 gigCalendar Joomla Component 1.0 SQL Injection", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/501174/100/0/threaded"}, {"name": "33863", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33863"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:48:51.621Z"}, "title": "CVE Program Container", "references": [{"name": "20090221 gigCalendar 1.0 (venuedetails.php) Joomla Component SQL Injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/501175/100/0/threaded"}, {"name": "33859", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33859"}, {"name": "gigcalendar-venuedetails-sql-injection(48865)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48865"}, {"name": "20090221 gigCalendar 1.0 (banddetails.php) Joomla Component SQL Injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/501176/100/0/threaded"}, {"name": "20090221 gigCalendar Joomla Component 1.0 SQL Injection", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/501174/100/0/threaded"}, {"name": "33863", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33863"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0730", "datePublished": "2009-02-24T23:00:00", "dateReserved": "2009-02-24T00:00:00", "dateUpdated": "2024-08-07T04:48:51.621Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:gigcalendar:com_gigcalendar:1.0:*:*:*:*:*:*:*", "matchCriteriaId": "DF2D1050-B155-470F-8C50-C86DA90F832E", "vulnerable": true}], "negate": false, "operator": "OR"}, {"cpeMatch": [{"criteria": "cpe:2.3:a:joomla:joomla:*:*:*:*:*:*:*:*", "matchCriteriaId": "E45D1087-8182-43A1-81BD-B0D5A535EC98", "vulnerable": false}, {"criteria": "cpe:2.3:a:mambo:mambo:*:*:*:*:*:*:*:*", "matchCriteriaId": "6A453A9F-12E9-40FC-8C42-D80C780154E2", "vulnerable": false}], "negate": false, "operator": "OR"}], "operator": "AND"}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Multiple SQL injection vulnerabilities in the GigCalendar (com_gigcal) component 1.0 for Mambo and Joomla!, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the gigcal _venues_id parameter in a details action to index.php, which is not properly handled by venuedetails.php, and (2) the gigcal_bands_id parameter in a details action to index.php, which is not properly handled by banddetails.php, different vectors than CVE-2009-0726."}, {"lang": "es", "value": "M\u00faltiples vulnerabilidades de inyecci\u00f3n SQL en el componente GigCalendar (com_gigcal) v1.0 para Mambo y Joomla!, cuando magic_quotes_gpc est\u00e1 deshabilitado, permite a atacantes remotos ejecutar comandos SQL de su elecci\u00f3n a trav\u00e9s de (1) el par\u00e1metro gigcal _venues_id en una acci\u00f3n details para index.php, que no es manejada adecuadamente por venuedetails.php y (2) el par\u00e1metro gigcal_bands_id parameter en una acci\u00f3n details para index.php, que no es manejada adecuadamente por banddetails.php. Se trata de vectores diferentes de CVE-2009-0726."}], "id": "CVE-2009-0730", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2009-02-24T23:30:03.860", "references": [{"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/501174/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/501175/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/501176/100/0/threaded"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/33859"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/33863"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48865"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/501174/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/501175/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/501176/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/33859"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://www.securityfocus.com/bid/33863"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/48865"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-89"}], "source": "nvd@nist.gov", "type": "Primary"}]}