CVE-2009-1584
Published 2009-05-07
Priority: P3 (35)
CVSS 2.0: 6 (medium), vector AV:N/AC:M/Au:S/C:P/I:P/A:P
EXPLOIT
EPSS: 2.61% (83.5th percentile)
Multiple SQL injection vulnerabilities in TemaTres 1.0.3 and 1.031, when magic_quotes_gpc is disabled, allow remote attackers or remote authenticated users to execute arbitrary SQL commands via the (1) mail, (2) password, and (3) letra parameters to index.php; (4) y and (5) m parameters to sobre.php; and the (6) dcTema, (7) madsTema, (8) zthesTema, (9) skosTema, and (10) xtmTema parameters to xml.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| r020 | tematres | — | — |
| r020 | tematres | — | — |
No detection rules found.
Exploit-DB
TemaTres 1.0.3 - Blind SQL Injection
exploitdb·2009-05-05
CVE-2009-1584 TemaTres 1.0.3 - Blind SQL Injection
Exploit-DB
TemaTres 1.0.3 - Authentication Bypass / SQL Injection / Cross-Site Scripting
exploitdb·2009-05-05
CVE-2009-1585 TemaTres 1.0.3 - Authentication Bypass / SQL Injection / Cross-Site Scripting
---
WEB: http://www.r020.com.ar/tematres/
DOWNLOAD: http://sourceforge.net/projects/tematres/
DEMO: http://www.r020.com.ar/tematres/index.php
CATEGORY: CMS / Portals
DESCRIPTION: Web app
No writeups or analysis indexed.
http://osvdb.org/54245
http://osvdb.org/54246
http://secunia.com/advisories/34983
http://www.securityfocus.com/archive/1/503252/100/0/threaded
http://www.securityfocus.com/archive/1/503256
http://www.securityfocus.com/bid/34830
https://www.exploit-db.com/exploits/8615
https://www.exploit-db.com/exploits/8616