CVE-2009-3970

The CVE-2009-3970 entry describes a SQL injection in index.php of PHP Dir Submit (also WebsiteSubmitter/Submitter Script). The vulnerability is triggered by the aid parameter in a showarticle action, allowing remote authenticated users to execute arbitrary SQL commands. Affected software is PHP D...

CVE-2009-1787

The CVE-2009-1787 issue affects PHP Dir Submit (aka WebsiteSubmitter and Submitter Script). It describes SQL injection vulnerabilities in the authentication flow that allow remote attackers to bypass login and gain administrative access via the (1) username and (2) password parameters. Documented...