← back
CVE-2009-1584

CVE-2009-1584

EPSS 2.6%
Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php.
Affected products
n/a · n/a
public PoCs found2
cve_referencewww.exploit-db.com/exploits/8615unverifiedcve_referencewww.exploit-db.com/exploits/8616unverified
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://osvdb.org/54245http://osvdb.org/54246http://secunia.com/advisories/34983https://www.exploit-db.com/exploits/8615https://www.exploit-db.com/exploits/8616http://www.securityfocus.com/archive/1/503252/100/0/threadedhttp://www.securityfocus.com/archive/1/503256http://www.securityfocus.com/bid/34830