CVE-2009-3529

Radscripts Radbids - SQL Injection

Title source: rule

Description

SQL injection vulnerability in index.php in RadScripts RadBids Gold 4 allows remote attackers to execute arbitrary SQL commands via the fid parameter in a view_forum action, a different vector than CVE-2005-1074.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Moudi · textwebappsphp

https://www.exploit-db.com/exploits/9194

View Code ZIP pw:eip

References (2)

[Vendor Advisory] http://secunia.com/advisories/35827

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/9194

Scores

EPSS 0.0023

EPSS Percentile 45.8%

Classification

CWE

CWE-89

Status draft

Affected Products (1)

radscripts/radbids

Timeline

Published Oct 02, 2009

Tracked Since Feb 18, 2026