CVE-2009-4935

Esoftpro Online Guestbook Pro - SQL Injection

Title source: rule

Description

SQL injection vulnerability in ogp_show.php in Online Guestbook Pro allows remote attackers to execute arbitrary SQL commands via the display parameter.

Exploits (2)

exploitdb WRITEUP VERIFIED

by Hussin X · textwebappsphp

https://www.exploit-db.com/exploits/8475

View Code ZIP pw:eip

exploitdb WRITEUP

webappsphp

https://www.exploit-db.com/exploits/14204

View Code ZIP pw:eip

References (2)

[Exploit] http://www.securityfocus.com/bid/34592

[Exploit, Third Party Advisory] http://www.exploit-db.com/exploits/8475

Scores

EPSS 0.0033

EPSS Percentile 55.9%

Details

CWE

CWE-89

Status published

Products (1)

esoftpro/online_guestbook_pro

Published Jul 12, 2010

Tracked Since Feb 18, 2026