CVE-2009-5090

2011-09-0923:00:00

mitre

www.cve.org

8.4 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

28.0%

JSON

SQL injection vulnerability in editcomments.php in Bloggeruniverse Beta 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter and possibly other unspecified vectors.

References

www.exploit-db.com/exploits/8043

www.securityfocus.com/bid/33744

exchange.xforce.ibmcloud.com/vulnerabilities/48697