SQL injection vulnerability in 2fly_gift.php in 2FLY Gift Delivery System 6.0 allows remote attackers to execute arbitrary SQL commands via the gameid parameter in a content action.
References
Link | Resource |
---|---|
http://packetstormsecurity.org/0908-exploits/discuz60-sql.txt | Exploit |
http://secunia.com/advisories/36294 | Vendor Advisory |
Configurations
History
No history.
Information
Published : 2009-08-21 11:30
Updated : 2024-02-28 11:21
NVD link : CVE-2009-2915
Mitre link : CVE-2009-2915
CVE.ORG link : CVE-2009-2915
JSON object : View
Products Affected
2fly
- gift_delivery_system
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')