Vulnerability Details CVE-2009-2113
Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 59.0%
CVSS Severity
CVSS v2 Score 7.5
References
- http://osvdb.org/55167
- http://osvdb.org/55168
- http://secunia.com/advisories/35492
- http://sourceforge.net/forum/forum.php?forum_id=966939
- https://www.exploit-db.com/exploits/8980
- http://osvdb.org/55167
- http://osvdb.org/55168
- http://secunia.com/advisories/35492
- http://sourceforge.net/forum/forum.php?forum_id=966939
- https://www.exploit-db.com/exploits/8980
Products affected by CVE-2009-2113
-
cpe:2.3:a:fretsweb_project:fretsweb:1.2