CVE-2009-3973

Turnkey Arcade Script - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-3973. PoCs published by Red-D3v1L, The_5p3ctrum.

AI-analyzed exploit summary: This exploit demonstrates a SQL injection vulnerability in Arcad site Script, allowing an attacker to extract user credentials (password and username) via a crafted UNION-based SQL query. The PoC provides a direct URL with the malicious payload, confirming its functionality.

Description

SQL injection vulnerability in index.php in Turnkey Arcade Script allows remote attackers to execute arbitrary SQL commands via the id parameter in a browse action, a different vector than CVE-2008-5629.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Red-D3v1L · text · webapps · php
https://www.exploit-db.com/exploits/9511

This exploit demonstrates a SQL injection vulnerability in Arcad site Script, allowing an attacker to extract user credentials (password and username) via a crafted UNION-based SQL query. The PoC provides a direct URL with the malicious payload, confirming its functionality.

Classification: Working PoC 95%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Arcad site Script (PHP-based)
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 18, 2026

exploitdb WORKING POC VERIFIED
by The_5p3ctrum · text · webapps · php
https://www.exploit-db.com/exploits/7256

This exploit demonstrates a SQL injection vulnerability in the Turnkey Arcade Script's index.php file. The vulnerability allows an attacker to extract sensitive information such as usernames and passwords from the database via a crafted URL.

Classification: Working PoC 90%
Attack Type: SQLi
Complexity: Trivial
Reliability: Reliable
Target: Turnkey Arcade Script
No auth needed
Prerequisites: Access to the target web application
devstral-2 · analyzed Feb 16, 2026

References (3)

Core References
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/36129
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2009/2408
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9511

Scores

EPSS 0.0097
EPSS Percentile 57.2%

Details

CWE: CWE-89
Status: published
Products (1): turnkeyarcade/turnkey_arcade_script
Published: Nov 18, 2009
Tracked Since: Feb 18, 2026