SQL Injection Vulnerabilities in ITechBids 8.0 by ITechBids
CVE-2009-3968

Currently unrated

Key Information:

Vendor: Itechscripts
Status: Itechbids
Vendor: CVE Published:; 18 November 2009

🔔 Create Itechscripts Vulnerability Alert

What is CVE-2009-3968?

ITechBids 8.0 is susceptible to multiple SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands by manipulating specific parameters. The affected scripts include feedback.php (via user_id parameter), category.php (via cate_id), news.php (via id), and itechd.php (via productid). This vulnerability poses a significant risk as it enables attackers to gain unauthorized access to sensitive information and compromise the integrity of the database.

References

http://www.exploit-db.com/exploits/9497

exploitx_refsource_EXPLOIT-DB

http://secunia.com/advisories/36437

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Nov 18, 2009
Vulnerability Reserved
Nov 18, 2009