CVE-2009-4936

Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php.

Published: Jul 22, 2010
Updated: Apr 13, 2023
CVE: CVE-2009-4936
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

CWEs:

CWE-89

OWASP TOP 10:

A1 - Injection

Affected Software
References

Software	From	Fixed in
spirate / small_pirate	2.1	2.1.x

http://osvdb.org/54784
http://osvdb.org/54785
http://osvdb.org/54786
http://osvdb.org/54787
http://osvdb.org/54788
http://secunia.com/advisories/35272
http://www.exploit-db.com/exploits/8819
http://www.securityfocus.com/archive/1/503863/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/50837

Vulnerability Database

290,278

CVE-2009-4936