2 matches found
CVE-2009-1814
SQL injection vulnerability in mail.php in PHPenpals 1.1 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter. NOTE: the profile.php vector is already covered by CVE-2006-0074...
CVE-2009-1814
CVE-2009-1814 describes an SQL injection in mail.php of PHPenpals (v1.1 and earlier) allowing remote SQL command execution via the ID parameter. Consequences and patch details are not provided here beyond noting that the profile.php vector is covered by CVE-2006-0074; the connected records indica...