CVE-2009-2164
published 2009-06-22CVE-2009-2164: Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL…
PriorityP336medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EXPLOIT
EPSS
0.95%
56.9th percentile
Multiple SQL injection vulnerabilities in Kjtechforce mailman beta1, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via (1) the code parameter to activate.php or (2) the dest parameter to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| kjtechforce | mailman | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Kjtechforce mailman b1 - 'dest' Blind SQL Injection
exploitdb·2009-06-05
CVE-2009-2164 Kjtechforce mailman b1 - 'dest' Blind SQL Injection
Kjtechforce mailman b1 - 'dest' Blind SQL Injection
---
#!/usr/bin/perl
#***********************************************************************************************
#***********************************************************************************************
#** **
#** **
#** [] [] [] [][][][> [] [] [][ ][] [] [][]] [] [> [][][][> [][][][] **
#** || || || [] [][] [] [] [] [] [] [] [] [] [] [] **
# [> [][][][] [][][][> [] [] [] [] [] [][] [] [][] [][][][> [] [] **
#** [-----[]-----[][][][>--[]--[]-[]---[][][]--[]-[]--[]--------[]-----[][][][>--[][][][]---\
#**==[> [] [] [] [][] [] [] [][][] [] [][] [] [] [] >>--
#** [----[[]]----[]--- ----[]-----[]---[]--[]-----[]--[]-------[] []---[]----------[]--[]---/
# [> [[[]]] [][][][> [][] [] [][[] [[]] [][] [][][] [] [> [][][][> WEB: http:/
Exploit-DB
Kjtechforce mailman b1 - Delete Row 'code' SQL Injection
exploitdb·2009-06-05
CVE-2009-2164 Kjtechforce mailman b1 - Delete Row 'code' SQL Injection
Kjtechforce mailman b1 - Delete Row 'code' SQL Injection
---
** **
** **
** [] [] [] [][][][> [] [] [][ ][] [] [][]] [] [> [][][][> [][][][] **
** || || || [] [][] [] [] [] [] [] [] [] [] [] [] **
** [> [][][][] [][][][> [] [] [] [] [] [][] [] [][] [][][][> [] [] **
** [-----[]-----[][][][>--[]--[]-[]---[][][]--[]-[]--[]--------[]-----[][][][>--[][][][]---\
**==[> [] [] [] [][] [] [] [][][] [] [][] [] [] [] >>--
** [----[[]]----[]--- ----[]-----[]---[]--[]-----[]--[]-------[] []---[]----------[]--[]---/
[> [[[]]] [][][][> [][] [] [][[] [[]] [][] [][][] [] [> [][][][> WEB: http://sourceforge.net/projects/kjtechforce/ |
|-->DOWNLOAD: http://sourceforge.net/projects/kjtechforce/ |
|-->DEMO: N/A |
|-->CATEGORY: CMS / Mailer |
|-->DESCRIPTION: The kjtechforce project has aimed at the tool mak
No writeups or analysis indexed.
2009-06-22
Published