CVE-2009-3968

ITechBids 8.0 - SQL Injection

Title source: llm

Description

Multiple SQL injection vulnerabilities in ITechBids 8.0 allow remote attackers to execute arbitrary SQL commands via the (1) user_id parameter to feedback.php, (2) cate_id parameter to category.php, (3) id parameter to news.php, and (4) productid parameter to itechd.php. NOTE: the sellers_othersitem.php, classifieds.php, and shop.php vectors are already covered by CVE-2008-3238.

Exploits (1)

exploitdb WORKING POC VERIFIED
by Mr.SQL · perlwebappsphp
https://www.exploit-db.com/exploits/9497

References (2)

Scores

EPSS 0.0023
EPSS Percentile 46.1%

Details

CWE
CWE-89
Status published
Products (1)
itechscripts/itechbids 8.0
Published Nov 18, 2009
Tracked Since Feb 18, 2026