CVE-2009-4386

Metadata

CVE-2009-4386
7.5
packetstormsecurity.org, exploit-db.com, securityfocus.com, vupen.com
2009-12-22
2017-06-06 20:21

Description

SQL injection vulnerability in hotel_tiempolibre_ext.php in Venalsur Booking Centre Booking System for Hotels Group, when magic_quotes_gpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors.

Related Vulnerabilities