CVE-2009-2269

Empire CMS 5.1 - SQL Injection

Title source: llm

Description

SQL injection vulnerability in Empire CMS 5.1 allows remote attackers to execute arbitrary SQL commands via the bid parameter to the default URI under e/tool/gbook/.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Securitylab Security Research · phpwebappsphp

https://www.exploit-db.com/exploits/10069

View Code ZIP pw:eip

References (1)

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/504652/100/0/threaded

Scores

EPSS 0.0012

EPSS Percentile 31.0%

Details

CWE

CWE-89

Status published

Products (1)

phome_empire/phome_empire_cms 5.1

Published Jul 01, 2009

Tracked Since Feb 18, 2026