CVE-2009-3117

Snowhall Silurus System - SQL Injection

Title source: rule

Description

SQL injection vulnerability in category.php in Snow Hall Silurus System 1.0 allows remote attackers to execute arbitrary SQL commands via the ID parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mr.SQL · textwebappsphp

https://www.exploit-db.com/exploits/9538

View Code ZIP pw:eip

References (4)

[Vendor Advisory] http://secunia.com/advisories/36124

[Vendor Advisory] http://www.vupen.com/english/advisories/2009/2467

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/52904

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/9538

Scores

EPSS 0.0024

EPSS Percentile 47.3%

Classification

CWE

CWE-89

Status draft

Affected Products (1)

snowhall/silurus_system

Timeline

Published Sep 09, 2009

Tracked Since Feb 18, 2026