← Retour aux CVEs
CVE-2009-2389
N/ADescription
Multiple SQL injection vulnerabilities in newsscript.php in USOLVED NEWSolved 1.1.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) jahr or (2) idneu parameter in an archive action, or (3) the newsid parameter.
Details CVE
Score CVSS v3.1N/A
Publie7/9/2009
Derniere modification4/23/2026
Sourcenvd
Observations honeypot0
Produits affectes
usolved:newsolved
Faiblesses (CWE)
CWE-89
References
http://secunia.com/advisories/35611(cve@mitre.org)
http://www.exploit-db.com/exploits/9042(cve@mitre.org)
http://secunia.com/advisories/35611(af854a3a-2127-422b-91ae-364da2661108)
http://www.exploit-db.com/exploits/9042(af854a3a-2127-422b-91ae-364da2661108)
Correlations IOC
Aucune correlation enregistree
This product uses data from the NVD API but is not endorsed or certified by the NVD.