SQL Injection Vulnerabilities in ITechBids 8.0 by ITechBids
CVE-2009-3968

Currently unrated

Key Information:

Vendor: Itechscripts
Status: Itechbids
Vendor: CVE Published:; 18 November 2009

🔔 Create Itechscripts Vulnerability Alert

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2009-3968?

ITechBids 8.0 is susceptible to multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands by manipulating specific parameters. The affected scripts include feedback.php (via user_id parameter), category.php (via cate_id), news.php (via id), and itechd.php (via productid). This vulnerability poses a significant risk as it enables attackers to gain unauthorized access to sensitive information and compromise the integrity of the database.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-3968 - Proof of Concept

References

http://www.exploit-db.com/exploits/9497

exploitx_refsource_EXPLOIT-DB

http://secunia.com/advisories/36437

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

🟡
Public PoC available
Nov 18, 2009
👾
Exploit known to exist
Nov 18, 2009
Vulnerability published
Nov 18, 2009
Vulnerability Reserved
Nov 18, 2009

CVE-2009-3968 Data

JSON