CVE-2009-1452

Bluevirus-design Sma-db - Code Injection

Title source: rule

Description

Multiple PHP remote file inclusion vulnerabilities in theme/format.php in SMA-DB 0.3.13 allow remote attackers to execute arbitrary PHP code via a URL in the (1) _page_css and (2) _page_javascript parameters. NOTE: the _page_content vector is already is covered by CVE-2009-1450.

Exploits (1)

exploitdb WORKING POC VERIFIED
by JosS · textwebappsphp
https://www.exploit-db.com/exploits/8460

References (3)

Scores

EPSS 0.0210
EPSS Percentile 83.8%

Classification

CWE
CWE-94
Status draft

Affected Products (1)

bluevirus-design/sma-db

Timeline

Published Apr 28, 2009
Tracked Since Feb 18, 2026