Vulnerability Description
code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON" string, which is collapsed into "UNION" by the filter_sql function.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pc4Arb | Pc4 Uploader | <= 9.0 |
Related Weaknesses (CWE)
References
- http://osvdb.org/54572Exploit
- http://secunia.com/advisories/35122Vendor Advisory
- http://www.securityfocus.com/bid/35004
- http://www.vupen.com/english/advisories/2009/1364Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50586
- https://www.exploit-db.com/exploits/8709
- http://osvdb.org/54572Exploit
- http://secunia.com/advisories/35122Vendor Advisory
- http://www.securityfocus.com/bid/35004
- http://www.vupen.com/english/advisories/2009/1364Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50586
- https://www.exploit-db.com/exploits/8709
FAQ
What is CVE-2009-1742?
CVE-2009-1742 is a vulnerability with a CVSS score of 7.5 (HIGH). code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter i...
How severe is CVE-2009-1742?
CVE-2009-1742 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-1742?
Check the references section above for vendor advisories and patch information. Affected products include: Pc4Arb Pc4 Uploader.