PT-2009-3909 · Cre Loaded · Cre Loaded

Player

Published

2009-04-24

Updated

2017-09-29

CVE-2009-1403

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions CRE Loaded version 6.2

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the products id parameter in the "product info.php" file.

Recommendations For CRE Loaded version 6.2, consider restricting access to the product info.php file or validating and sanitizing the products id parameter to prevent SQL injection attacks. As a temporary workaround, avoid using the products id parameter in the affected file until a patch is available.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2009-1403

Affected Products

Cre Loaded

PT-2009-3909 · Cre Loaded · Cre Loaded

CVE-2009-1403

Weakness Enumeration

Related Identifiers

Affected Products

References · 4