← back
CVE-2009-3968

CVE-2009-3968

EPSS 0.9%
Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE: the sellers_othersitem.php, classifieds.php, and shop.php vectors are already covered by CVE-2008-3238.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://secunia.com/advisories/36437http://www.exploit-db.com/exploits/9497