CyberSec.Space Logo
Back to CVE Browser

CVE-2009-2545

MEDIUM
6.8
CVSS Severity Score
EPSS Score0.0520%
EPSS Percentile40.06th
PublishedJul 20, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the filename in an uploaded attachment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected Platforms (CPE)

πŸ“¦
Anelectron

Advanced Electron Forum

= 1.0.1
πŸ“¦
Anelectron

Advanced Electron Forum

= 1.0.2
πŸ“¦
Anelectron

Advanced Electron Forum

= 1.0.3
πŸ“¦
Anelectron

Advanced Electron Forum

= 1.0.4
πŸ“¦
Anelectron

Advanced Electron Forum

= 1.0.5
πŸ“¦
Anelectron

Advanced Electron Forum

= 1.0.6
πŸ“¦
Anelectron

Advanced Electron Forum

= 1.0.7
πŸ“¦
Anelectron

Advanced Electron Forum

= 1.0.8

References & Advisories

πŸ”— http://osvdb.org/55925
πŸ”— http://secunia.com/advisories/35646
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/51775
πŸ”— http://osvdb.org/55925
πŸ”— http://secunia.com/advisories/35646
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/51775

Related Vulnerabilities

CVE-2008-509010.0

Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in ...

CVE-2011-35828.8

A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirm...

CVE-2011-37005.0

Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, w...

CVE-2018-130004.8

An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` e...