CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 4CVE-2009-2308 – PunBB Affiliates Mod 1.1 - Blind SQL Injection
https://notcve.org/view.php?id=CVE-2009-2308
Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or (2) out parameter. Múltiples vulnerabilidades de inyección SQL en affiliates.php del módulo Affiliation (también conocido como Affiliates) v1.1.0 y anteriores para PunBB, permite a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) "in" o (2) "out". • https://www.exploit-db.com/exploits/9055 http://packetstormsecurity.org/0906-exploits/punbbaffiliations-blindsql.txt http://packetstormsecurity.org/0906-exploits/punbbaffiliationsin-blindsql.txt http://secunia.com/advisories/35654 http://www.exploit-db.com/exploits/9055 http://www.osvdb.org/55478 https://exchange.xforce.ibmcloud.com/vulnerabilities/51437 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •