CVE-2009-3246

Metadata

CVE-2009-3246
7.5
exploit-db.com, packetstormsecurity.com, vupen.com, exchange.xforce.ibmcloud.com
2009-09-18
2017-09-19 07:07

Description

SQL injection vulnerability in spnews.php in MyBuxScript PTC-BUX allows remote attackers to execute arbitrary SQL commands via the id parameter in an spnews action to the default URI. NOTE: some of these details are obtained from third party information.

Related Vulnerabilities