Vulnerability Details CVE-2009-0825
SQL injection vulnerability in system/rss.php in TinX/cms 3.x before 3.5.1 allows remote attackers to execute arbitrary SQL commands via the id parameter.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 75.0%
CVSS Severity
CVSS v2 Score 7.5
References
- http://en.securitylab.ru/lab/PT-2009-13
- http://secunia.com/advisories/34178
- http://sourceforge.net/project/showfiles.php?group_id=133415
- http://sourceforge.net/project/shownotes.php?group_id=133415&release_id=658540
- http://www.securityfocus.com/archive/1/501547/100/0/threaded
- http://www.securityfocus.com/bid/34021
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49115
- http://en.securitylab.ru/lab/PT-2009-13
- http://secunia.com/advisories/34178
- http://sourceforge.net/project/showfiles.php?group_id=133415
- http://sourceforge.net/project/shownotes.php?group_id=133415&release_id=658540
- http://www.securityfocus.com/archive/1/501547/100/0/threaded
- http://www.securityfocus.com/bid/34021
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49115
Products affected by CVE-2009-0825
-
cpe:2.3:a:torben_sorensen:tinx/cms:*
-
cpe:2.3:a:torben_sorensen:tinx/cms:3.0