CVE-2009-2164
Kjtechforce Mailman Beta1 - SQL Injection
Title source: llmDescription
Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by YEnH4ckEr · textwebappsphp
https://www.exploit-db.com/exploits/8884
exploitdb
WORKING POC
VERIFIED
by YEnH4ckEr · perlwebappsphp
https://www.exploit-db.com/exploits/8885
Scores
EPSS
0.0037
EPSS Percentile
58.9%
Details
CWE
CWE-89
Status
published
Products (1)
kjtechforce/mailman
beta1
Published
Jun 22, 2009
Tracked Since
Feb 18, 2026