Vulnerability Description
SQL injection vulnerability in index.php in PHP Dir Submit (aka WebsiteSubmitter or Submitter Script) allows remote authenticated users to execute arbitrary SQL commands via the aid parameter in a showarticle action.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Phpdirsubmit | Php Dir Submit | All versions |
Related Weaknesses (CWE)
References
- http://www.exploit-db.com/exploits/9484
- http://www.vupen.com/english/advisories/2009/2401Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52709
- http://www.exploit-db.com/exploits/9484
- http://www.vupen.com/english/advisories/2009/2401Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/52709
FAQ
What is CVE-2009-3970?
CVE-2009-3970 is a vulnerability with a CVSS score of 6.5 (MEDIUM). SQL injection vulnerability in index.php in PHP Dir Submit (aka WebsiteSubmitter or Submitter Script) allows remote authenticated users to execute arbitrary SQL commands via the aid parameter in a sho...
How severe is CVE-2009-3970?
CVE-2009-3970 has been rated MEDIUM with a CVSS base score of 6.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-3970?
Check the references section above for vendor advisories and patch information. Affected products include: Phpdirsubmit Php Dir Submit.