CVE-2009-3502
BPowerHouse BPMusic 1.0 - SQL Injection via music_id Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2009-3502. PoCs published by OoN Boy.
AI-analyzed exploit summary This is a writeup detailing a blind SQL injection vulnerability in BPMusic 1.0. It provides proof-of-concept URLs demonstrating the vulnerability but does not include executable exploit code.
Description
SQL injection vulnerability in music.php in BPowerHouse BPMusic 1.0 allows remote attackers to execute arbitrary SQL commands via the music_id parameter.
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by OoN Boy · textwebappsphp
https://www.exploit-db.com/exploits/9836
This is a writeup detailing a blind SQL injection vulnerability in BPMusic 1.0. It provides proof-of-concept URLs demonstrating the vulnerability but does not include executable exploit code.
Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
BPMusic 1.0
No auth needed
Prerequisites:
Access to the vulnerable endpoint
MITRE ATT&CK
devstral-2 · analyzed Feb 16, 2026
Full analysis →
References (3)
Core 3
Core References
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2740
Exploit x_refsource_misc
http://packetstormsecurity.org/0909-exploits/bpmusic-sql.txt
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/36824
Scores
EPSS
0.0099
EPSS Percentile
58.0%
Details
CWE
CWE-89
Status
published
Products (1)
bpowerhouse/bpmusic
1.0
Published
Sep 30, 2009
Tracked Since
Feb 18, 2026