CVSS: 7.5EPSS: 0%CPEs: 5EXPL: 2CVE-2009-2290 – Joomla! Component Boy Scout Advancement 0.3 - 'id' SQL Injection
https://notcve.org/view.php?id=CVE-2009-2290
SQL injection vulnerability in the Boy Scout Advancement (com_bsadv) component 0.3 and earlier for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a (1) account or (2) event task to index.php. Vulnerabilidad de inyección SQL en el componente Boy Scout Advancement (com_bsadv) v0.3 para Joomla!, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro "id" en (1) "account" o (2) "event task" al index.php. • https://www.exploit-db.com/exploits/8779 http://www.securityfocus.com/archive/1/503794/100/0/threaded http://www.securityfocus.com/bid/35087 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •