PT-2010-1544 · Allomani · Allomani Movies Library

Qabandi

Published

2010-03-18

Updated

2017-09-19

CVE-2009-4734

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions Allomani Movies Library (Movies & Clips) version 2.7.0

Description The issue allows remote attackers to execute arbitrary SQL commands. This is achieved via the username parameter in a login action, specifically targeting the login.php file.

Recommendations For version 2.7.0, consider restricting access to the login.php file or disabling the login functionality until a fix is available. As a temporary workaround, avoid using the username parameter in the login action to minimize the risk of exploitation.

Exploit

Fix

SQL injection

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-89

Related Identifiers

CVE-2009-4734

Affected Products

Allomani Movies Library

PT-2010-1544 · Allomani · Allomani Movies Library

CVE-2009-4734

Weakness Enumeration

Related Identifiers

Affected Products

References · 5