Description
SQL injection vulnerability in _phenotype/admin/login.php in Phenotype CMS before 2.9 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the login name).
Exploits (1)
exploitdb
WRITEUP
VERIFIED
by Khashayar Fereidani · textwebappsphp
https://www.exploit-db.com/exploits/9107
References (5)
Core 5
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35792
Vendor Advisory x_refsource_confirm
http://www.phenotype-cms.com/wiki/development-changelog
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/9107
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/51634
Exploit vdb-entry
x_refsource_osvdb
http://www.osvdb.org/55799
Scores
EPSS
0.0017
EPSS Percentile
38.4%
Details
CWE
CWE-89
Status
published
Products (11)
phenotype-cms/phenotype_cms
1.0
phenotype-cms/phenotype_cms
2.0
phenotype-cms/phenotype_cms
2.1
phenotype-cms/phenotype_cms
2.2
phenotype-cms/phenotype_cms
2.3
phenotype-cms/phenotype_cms
2.4
phenotype-cms/phenotype_cms
2.5
phenotype-cms/phenotype_cms
2.5.1
phenotype-cms/phenotype_cms
2.6
phenotype-cms/phenotype_cms
2.7
... and 1 more
Published
Oct 02, 2009
Tracked Since
Feb 18, 2026