Description
Multiple SQL injection vulnerabilities in FretsWeb 1.2 allow remote attackers to execute arbitrary SQL commands via the (1) name parameter to player.php and the (2) hash parameter to song.php.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by YEnH4ckEr · python · webapps · php
https://www.exploit-db.com/exploits/8980
References (5)
Core References
Third Party Advisory, VDB Entry exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/8980
Patch x_refsource_confirm
http://sourceforge.net/forum/forum.php?forum_id=966939
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35492
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/55168
Broken Link vdb-entry
x_refsource_osvdb
http://osvdb.org/55167
Scores
EPSS: 0.0016
EPSS Percentile: 37.0%
Details
CWE: CWE-89
Status: published
Products (1): fretsweb_project/fretsweb 1.2
Published: Jun 18, 2009
Tracked Since: Feb 18, 2026