CyberSec.Space Logo
Back to CVE Browser

CVE-2009-2929

HIGH
7.5
CVSS Severity Score
EPSS Score0.1290%
EPSS Percentile9.89th
PublishedAug 21, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) db_host parameters to cms/index.php; and the (12) cmd, (13) s_dir, (14) minutes, (15) s_mask, (16) test3_mp, (17) test15_file1, (18) submit, (19) brute_method, (20) ftp_server_port, (21) userfile14, (22) subj, (23) mysql_l, (24) action, and (25) userfile1 parameters to cms/frontpage_ception.php. NOTE: some of these parameters may be applicable only in nonstandard versions of the product, and cms/frontpage_ception.php may be cms/frontpage_caption.php in all released versions.

Affected Platforms (CPE)

πŸ“¦
Tgs Cms

Tgs Content Management

= 0.1.6
πŸ“¦
Tgs Cms

Tgs Content Management

= 0.1.7
πŸ“¦
Tgs Cms

Tgs Content Management

= 0.2.0
πŸ“¦
Tgs Cms

Tgs Content Management

= 0.2.5
πŸ“¦
Tgs Cms

Tgs Content Management

= 0.2.5
πŸ“¦
Tgs Cms

Tgs Content Management

= 0.2.5
πŸ“¦
Tgs Cms

Tgs Content Management

= 0.3.0
πŸ“¦
Tgs Cms

Tgs Content Management

= 0.3.2
πŸ“¦
Tgs Cms

Tgs Content Management

= 0.3.2

References & Advisories

πŸ”— http://www.exploit-db.com/exploits/9434
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/52468
πŸ”— http://www.exploit-db.com/exploits/9434
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/52468

Related Vulnerabilities

CVE-2008-68394.3

Multiple cross-site scripting (XSS) vulnerabilities in TGS Content Management 0.3.2r2 allow remote attackers to inject arbitrary w...

CVE-2009-29284.3

Cross-site scripting (XSS) vulnerability in login.php in TGS Content Management 0.x allows remote attackers to inject arbitrary we...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...

CVE-2026-121905.3

A vulnerability has been found in Genspark AI Workspace App 2.8.4 on Android. This vulnerability affects unknown code of the compo...