CVE-2009-4936

Spirate Small Pirate - SQL Injection

Title source: rule
STIX 2.1

Description

Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php.

Exploits (1)

exploitdb WORKING POC VERIFIED
by YEnH4ckEr · textwebappsphp
https://www.exploit-db.com/exploits/8819

References (9)

Core 9
Core References
Exploit vdb-entry x_refsource_osvdb
http://osvdb.org/54785
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/8819
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/50837
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/54784
Exploit vdb-entry x_refsource_osvdb
http://osvdb.org/54788
Exploit vdb-entry x_refsource_osvdb
http://osvdb.org/54787
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/503863/100/0/threaded
Exploit vdb-entry x_refsource_osvdb
http://osvdb.org/54786
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/35272

Scores

EPSS 0.0210
EPSS Percentile 84.2%

Details

CWE
CWE-89
Status published
Products (1)
spirate/small_pirate 2.1
Published Jul 22, 2010
Tracked Since Feb 18, 2026