Back to search
CVE-2009-0963
Published: Mar 19, 2009
Modified: Aug 7, 2024
PUBLISHED
Description
Multiple SQL injection vulnerabilities in PHPRunner 4.2, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the SearchField parameter to (1) UserView_list.php, (2) orders_list.php, (3) users_list.php, and (4) Administrator_list.php.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
34146
vdb-entry
x_refsource_BID
20090317 PHPRunner SQL Injection
mailing-list
x_refsource_BUGTRAQ
8226
exploit
x_refsource_EXPLOIT-DB
http://www.bugreport.ir/index_63.htm
x_refsource_MISC
52799
vdb-entry
x_refsource_OSVDB
34330
third-party-advisory
x_refsource_SECUNIA
ADV-2009-0750
vdb-entry
x_refsource_VUPEN
phprunner-searchfield-sql-injection(49278)
vdb-entry
x_refsource_XF
52801
vdb-entry
x_refsource_OSVDB
52800
vdb-entry
x_refsource_OSVDB
52798
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now