CVE-2009-1814
CVE-2009-1814 describes an SQL injection in mail.php of PHPenpals (v1.1 and earlier) allowing remote SQL command execution via the ID parameter. Consequences and patch details are not provided here beyond noting that the profile.php vector is covered by CVE-2006-0074; the connected records indica...