CVE-2009-3713
Morcegocms < 1.7.6 - SQL Injection
Title source: ruleDescription
SQL injection vulnerability in fichero.php in MorcegoCMS 1.7.6 and earlier allows remote attackers to execute arbitrary SQL commands via the query string.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by darkjoker · phpwebappsphp
https://www.exploit-db.com/exploits/9121
Scores
EPSS
0.0024
EPSS Percentile
47.6%
Details
CWE
CWE-89
Status
published
Products (4)
morcego/morcegocms
0.9.6
morcego/morcegocms
1.1.0
morcego/morcegocms
1.5.0
morcego/morcegocms
< 1.7.6
Published
Oct 16, 2009
Tracked Since
Feb 18, 2026