CVE-2009-0597

CVE-2009-0597 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action.

Learn more about our Cms Pen Testing.