CVE-2009-3190

Pad-site-scripts Pad Site Scripts - SQL Injection

Title source: rule

Description

Multiple SQL injection vulnerabilities in PAD Site Scripts 3.6 allow remote attackers to execute arbitrary SQL commands via the (1) search parameter to list.php and (2) cat parameter to rss.php.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Mr.SQL · textwebappsphp

https://www.exploit-db.com/exploits/9531

View Code ZIP pw:eip

References (2)

[Vendor Advisory] http://www.vupen.com/english/advisories/2009/2434

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/9531

Scores

EPSS 0.0023

EPSS Percentile 45.8%

Classification

CWE

CWE-89

Status draft

Affected Products (1)

pad-site-scripts/pad_site_scripts

Timeline

Published Sep 15, 2009

Tracked Since Feb 18, 2026