code.php in PC4Arb Pc4 Uploader 9.0 and earlier makes it easier for remote attackers to conduct SQL injection attacks via crafted keyword sequences that are removed from a filter in the id parameter in a banner action, as demonstrated via the "UNIunionON" string, which is collapsed into "UNION" by the filter_sql function.
Metrics
Affected Vendors & Products
References
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2009-05-20T19:00:00
Updated: 2024-08-07T05:20:35.331Z
Reserved: 2009-05-20T00:00:00
Link: CVE-2009-1742
Vulnrichment
No data.
NVD
Status : Modified
Published: 2009-05-20T19:30:00.407
Modified: 2017-09-29T01:34:32.467
Link: CVE-2009-1742
Redhat
No data.