CVE-2009-0295

ITLPoll 2.7-2 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in index.php in Information Technology Light Poll Information (ITLPoll) 2.7 Stable 2, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by fuzion · phpwebappsphp

https://www.exploit-db.com/exploits/7867

View Code ZIP pw:eip

References (4)

[Third Party Advisory, VDB Entry] http://osvdb.org/51616

[Vendor Advisory] http://secunia.com/advisories/33666

[Exploit] http://www.securityfocus.com/bid/33452

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/7867

Scores

EPSS 0.0049

EPSS Percentile 65.4%

Details

CWE

CWE-89

Status published

Products (1)

itlpoll/itpoll 2.7

Published Jan 27, 2009

Tracked Since Feb 18, 2026