Back to search
CVE-2009-0646
Published: Feb 18, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in 4Site CMS 2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) login and (2) password parameters to pcgi/4site.pl, (3) page parameter to print/print.shtml, (4) s and (5) i parameters to portfolio/index.shtml, (6) h parameter to hotel/index.php, (7) id parameter to news/news1.shtml, and the (8) th parameter to faq/index.shtml.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
4sitecms-hotels-sql-injection(48486)
vdb-entry
x_refsource_XF
20101019 SQL Injection in 4site CMS
mailing-list
x_refsource_BUGTRAQ
7964
exploit
x_refsource_EXPLOIT-DB
http://wsec.ru/wsec-09-002-4site-cms-26-multiple-sql-injections/
x_refsource_MISC
4sitecms-pages-sql-injection(48483)
vdb-entry
x_refsource_XF
51806
vdb-entry
x_refsource_OSVDB
http://www.htbridge.ch/advisory/sql_injection_in_4site_cms.html
x_refsource_MISC
51809
vdb-entry
x_refsource_OSVDB
4sitecms-faq-sql-injection(48488)
vdb-entry
x_refsource_XF
33594
vdb-entry
x_refsource_BID
51808
vdb-entry
x_refsource_OSVDB
51807
vdb-entry
x_refsource_OSVDB
33733
third-party-advisory
x_refsource_SECUNIA
4sitecms-news-sql-injection(48487)
vdb-entry
x_refsource_XF
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now