CVE-2009-3503

2022-10-0316:23:55

mitre

www.cve.org

sql injection

bpowerhouse bpholidaylettings

remote attackers

arbitrary sql commands

8.5 High

AI Score

Confidence

Low

0.002 Low

EPSS

Percentile

58.4%

JSON

Multiple SQL injection vulnerabilities in search.aspx in BPowerHouse BPHolidayLettings 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) rid and (2) tid parameters.

References

packetstormsecurity.org/0909-exploits/bpholidaylettings-sql.txt

secunia.com/advisories/36833

www.vupen.com/english/advisories/2009/2744