Vulnerability Details CVE-2009-4749
Multiple SQL injection vulnerabilities in PHP Live! 3.2.1 and 3.2.2 allow remote attackers to execute arbitrary SQL commands via the x parameter to (1) message_box.php and (2) request.php.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.5%
CVSS Severity
CVSS v2 Score 7.5
References
- http://packetstormsecurity.org/0907-exploits/phplive-sql.txt
- http://www.exploit-db.com/exploits/9174
- http://www.securityfocus.com/bid/35718
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51784
- http://packetstormsecurity.org/0907-exploits/phplive-sql.txt
- http://www.exploit-db.com/exploits/9174
- http://www.securityfocus.com/bid/35718
- https://exchange.xforce.ibmcloud.com/vulnerabilities/51784
Products affected by CVE-2009-4749
-
cpe:2.3:a:phplivesupport:php_live!:3.2.1
-
cpe:2.3:a:phplivesupport:php_live!:3.2.2