CVE-2009-4574

I-Escorts Directory Script - Country Escorts < PHP - SQL Injection

Title source: llm

Description

SQL injection vulnerability in country_escorts.php in I-Escorts Directory Script allows remote attackers to execute arbitrary SQL commands via the country_id parameter.

Exploits (1)

exploitdb WRITEUP VERIFIED

by R3d-D3V!L · textwebappsphp

https://www.exploit-db.com/exploits/10809

View Code ZIP pw:eip

References (5)

Core 5

Core References

Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb

http://www.osvdb.org/61397

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/55208

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/10809

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/37957

Exploit x_refsource_misc

http://packetstormsecurity.org/0912-exploits/iescorts-sql.txt

Scores

EPSS 0.0020

EPSS Percentile 42.1%

Details

CWE

CWE-89

Status published

Products (1)

i-escorts/i-escorts_directory_script

Published Jan 06, 2010

Tracked Since Feb 18, 2026