CVE-2009-2929
published 2009-08-21CVE-2009-2929: Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2)…
PriorityP344high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
0.95%
56.9th percentile
Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) db_host parameters to cms/index.php; and the (12) cmd, (13) s_dir, (14) minutes, (15) s_mask, (16) test3_mp, (17) test15_file1, (18) submit, (19) brute_method, (20) ftp_server_port, (21) userfile14, (22) subj, (23) mysql_l, (24) action, and (25) userfile1 parameters to cms/frontpage_ception.php. NOTE: some of these parameters may be applicable only in nonstandard versions of the product, and cms/frontpage_ception.php may be cms/frontpage_caption.php in all released versions.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| tgs-cms | tgs_content_management | — | — |
| tgs-cms | tgs_content_management | — | — |
| tgs-cms | tgs_content_management | — | — |
| tgs-cms | tgs_content_management | — | — |
| tgs-cms | tgs_content_management | — | — |
| tgs-cms | tgs_content_management | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2009-08-21
Published