CVE-2009-2147

phpWebThings <1.5.2 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by StAkeR · perlwebappsphp

https://www.exploit-db.com/exploits/8939

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/35396

[Exploit] http://www.securityfocus.com/bid/35336

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/51094

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/8939

Scores

EPSS 0.0037

EPSS Percentile 58.6%

Details

CWE

CWE-89

Status published

Products (15)

phpwebthings/phpwebthings 0.1

phpwebthings/phpwebthings 0.2

phpwebthings/phpwebthings 0.2b

phpwebthings/phpwebthings 0.3

phpwebthings/phpwebthings 0.4

phpwebthings/phpwebthings 0.4.1

phpwebthings/phpwebthings 0.4.2

phpwebthings/phpwebthings 0.6.0

phpwebthings/phpwebthings 1.0

phpwebthings/phpwebthings 1.1a

... and 5 more

Published Jun 22, 2009

Tracked Since Feb 18, 2026