Description
Multiple SQL injection vulnerabilities in login.php in Kim Websites 1.0 allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Virangar Security · textwebappsphp
https://www.exploit-db.com/exploits/8209
References (4)
Core 4
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/0732
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49259
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/8209
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34116
Scores
EPSS
0.0038
EPSS Percentile
59.3%
Details
CWE
CWE-89
Status
published
Products (1)
kimwebsites/kim_websites
1.0
Published
Mar 20, 2009
Tracked Since
Feb 18, 2026