CVE-2009-4749

2010-03-2620:00:00

mitre

www.cve.org

AI Score

8.6

Confidence

Low

EPSS

0.001

Percentile

27.8%

JSON

Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 allow remote attackers to execute arbitrary SQL commands via the x parameter to (1) message_box.php and (2) request.php.

References

packetstormsecurity.org/0907-exploits/phplive-sql.txt

www.exploit-db.com/exploits/9174

www.securityfocus.com/bid/35718

exchange.xforce.ibmcloud.com/vulnerabilities/51784