Vulnerability Details CVE-2009-3968
Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE: the sellers_othersitem.php, classifieds.php, and shop.php vectors are already covered by CVE-2008-3238.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 29.2%
CVSS Severity
CVSS v2 Score 7.5
References
Products affected by CVE-2009-3968
-
cpe:2.3:a:itechscripts:itechbids:8.0