CVE-2009-2308

2009-07-0210:00:00

mitre

www.cve.org

AI Score

8.6

Confidence

Low

EPSS

0.001

Percentile

42.6%

JSON

Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or (2) out parameter.

References

packetstormsecurity.org/0906-exploits/punbbaffiliations-blindsql.txt

packetstormsecurity.org/0906-exploits/punbbaffiliationsin-blindsql.txt

secunia.com/advisories/35654

www.exploit-db.com/exploits/9055

www.osvdb.org/55478

exchange.xforce.ibmcloud.com/vulnerabilities/51437