Vulnerability Details CVE-2009-2573
Multiple SQL injection vulnerabilities in MiniTwitter 0.2 beta, when magic_quotes_gpc is disabled, allow remote authenticated users to execute arbitrary SQL commands via the (1) user parameter to (a) index.php and (b) rss.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.003
EPSS Ranking 53.5%
CVSS Severity
CVSS v2 Score 6.0
References
- http://www.exploit-db.com/exploits/8586
- http://www.securityfocus.com/archive/1/503155/100/0/threaded
- http://www.securityfocus.com/bid/34795
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50282
- http://www.exploit-db.com/exploits/8586
- http://www.securityfocus.com/archive/1/503155/100/0/threaded
- http://www.securityfocus.com/bid/34795
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50282
Products affected by CVE-2009-2573
-
cpe:2.3:a:bioscripts:minitwitter:0.2_beta