CVE-2009-0597
CVE-2009-0597 describes an SQL injection in the w3b>cms (aka w3blabor CMS) admin/index.php before version 3.4.0, exploitable when magic_quotes_gpc is disabled. A remote attacker can inject SQL via the benutzername (Username) field in the login action, potentially executing arbitrary SQL comman...