CVE-2009-4625

Name of the Vulnerable Software and Affected Versions BF Survey Pro Free (com bfsurvey profree) versions 1.2.4 through 1.2.5

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved by exploiting the table parameter in an updateOnePage action to index.php. The updateOnePage function in components/com bfsurvey pro/controller.php is vulnerable to SQL injection.

Recommendations For versions 1.2.4 through 1.2.5, update to version 1.2.6 or later to resolve the issue.