2 matches found
CVE-2009-2883
SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cpusername parameter, related to an error in the CleanVar function in includes/functions.php...
CVE-2009-2883
An SQL injection vulnerability in SaphpLesson 4.0 (admin/login.php) can be triggered when magic_quotes_gpc is disabled, allowing remote attackers to execute arbitrary SQL via the cp_username parameter. The issue is related to an error in the CleanVar function in includes/functions.php. CVSS v2 ba...