CVE-2009-0604

PHP Director <0.21 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in index.php in PHP Director 0.21 and earlier allows remote attackers to execute arbitrary SQL commands via the searching parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by darkjoker · perlwebappsphp

https://www.exploit-db.com/exploits/8014

View Code ZIP pw:eip

References (3)

[Exploit] http://www.securityfocus.com/bid/33694

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/8014

[Third Party Advisory] http://www.vupen.com/english/advisories/2009/0379

Scores

EPSS 0.0060

EPSS Percentile 69.6%

Details

CWE

CWE-89

Status published

Products (2)

php_director/php_director 0.2

php_director/php_director < 0.21

Published Feb 16, 2009

Tracked Since Feb 18, 2026