7.5
CVSSv2

CVE-2009-2147

Published: 22/06/2009 Updated: 29/09/2017
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and previous versions allows remote malicious users to execute arbitrary SQL commands via the id parameter.

Vulnerable Product Search on Vulmon Subscribe to Product

phpwebthings phpwebthings 1.0

phpwebthings phpwebthings 0.3

phpwebthings phpwebthings 0.2b

phpwebthings phpwebthings 0.2

phpwebthings phpwebthings 0.1

phpwebthings phpwebthings

phpwebthings phpwebthings 1.1a

phpwebthings phpwebthings 1.4

phpwebthings phpwebthings 0.4.1

phpwebthings phpwebthings 0.4

phpwebthings phpwebthings 1.4.4

phpwebthings phpwebthings 1.5.0

phpwebthings phpwebthings 1.5.1

phpwebthings phpwebthings 0.4.2

phpwebthings phpwebthings 0.6.0

Exploits

#!/usr/bin/perl ################################################################################################### # phpWebThings <= 152 MD5 Hash Retrieve / File Disclosure Remote Exploit # # ...