CVE-2009-4728

Questions Answered <1.3 - SQL Injection

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-4728. PoCs published by snakespc.

AI-analyzed exploit summary This is a writeup describing an SQL injection vulnerability in Questions Answered v1.3, specifically an authentication bypass using a simple SQLi payload in the username field. No actual exploit code is provided.

Description

SQL injection vulnerability in the administrative interface in Questions Answered 1.3 allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED

by snakespc · textwebappsphp

https://www.exploit-db.com/exploits/9341

View Code ZIP pw:eip

This is a writeup describing an SQL injection vulnerability in Questions Answered v1.3, specifically an authentication bypass using a simple SQLi payload in the username field. No actual exploit code is provided.

Classification

Writeup 90%

Attack Type

Sqli

Complexity

Trivial

Reliability

Reliable

Target: Questions Answered v1.3

No auth needed

Prerequisites: access to the admin login page

MITRE ATT&CK

T1189 - Drive-by Compromise T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Exploit, Third Party Advisory exploit x_refsource_exploit-db

http://www.exploit-db.com/exploits/9341

Vendor Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2009/2130

Scores

EPSS 0.0093

EPSS Percentile 55.8%

Details

CWE

CWE-89

Status published

Products (1)

questions_answered/questions_answered 1.3

Published Mar 18, 2010

Tracked Since Feb 18, 2026