CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2009-4865

Multiple SQL injection vulnerabilities in escorts_search.php in I-Escorts Directory Script and Agency Script, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) search_name and (2) languages parameters. NOTE: some of these details are obtained from third party information.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.004

EPSS Ranking 58.4%

CVSS Severity

CVSS v2 Score 6.8

References

http://osvdb.org/56858
http://packetstormsecurity.org/0908-exploits/des-xss.txt
http://secunia.com/advisories/36161
https://exchange.xforce.ibmcloud.com/vulnerabilities/52304
http://osvdb.org/56858
http://packetstormsecurity.org/0908-exploits/des-xss.txt
http://secunia.com/advisories/36161
https://exchange.xforce.ibmcloud.com/vulnerabilities/52304

Products affected by CVE-2009-4865

I-Escorts » I-Escorts Agency Script » Version: N/A

cpe:2.3:a:i-escorts:i-escorts_agency_script:-
I-Escorts » I-Escorts Directory Script » Version: N/A

cpe:2.3:a:i-escorts:i-escorts_directory_script:-

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2009-4865

Products

Pricing

Contact Us