CVE-2009-1282

Glfusion < 1.1.2 - SQL Injection

Title source: rule

Description

SQL injection vulnerability in private/system/lib-session.php in glFusion 1.1.2 and earlier allows remote attackers to execute arbitrary SQL commands via the glf_session cookie parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Nine:Situations:Group · phpwebappsphp

https://www.exploit-db.com/exploits/8347

View Code ZIP pw:eip

References (8)

[Exploit] http://marc.info/?l=bugtraq&m=123877379105028&w=2

[Exploit] http://retrogod.altervista.org/9sg_glfuso_sql_cookies.html

[Vendor Advisory] http://secunia.com/advisories/34575

[Patch, Vendor Advisory] http://www.glfusion.org/wiki/doku.php?id=glfusion:whatsnew

[Exploit, Patch] http://www.securityfocus.com/bid/34361

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/49652

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/8347

[Third Party Advisory, VDB Entry] http://osvdb.org/53286

Scores

EPSS 0.0117

EPSS Percentile 78.8%

Details

CWE

CWE-89

Status published

Products (5)

glfusion/glfusion 1.0.0 (3 CPE variants)

glfusion/glfusion 1.0.1

glfusion/glfusion 1.1.0 (2 CPE variants)

glfusion/glfusion 1.1.1

glfusion/glfusion < 1.1.2

Published Apr 09, 2009

Tracked Since Feb 18, 2026