Back to CVE Browser

CVE-2009-3758

HIGH

7.5

CVSS Severity Score

EPSS Score0.1550%

EPSS Percentile26.95th

PublishedOct 22, 2009

Last ModifiedApr 23, 2026

Vulnerability Description

SQL injection vulnerability in login.php in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allows remote attackers to execute arbitrary SQL commands via the username parameter. NOTE: some of these details are obtained from third party information.

Affected Platforms (CPE)

📦

Citrix

Xencenterweb

All versions

References & Advisories

🔗 http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt

🔗 http://securitytracker.com/id?1022520

🔗 http://www.exploit-db.com/exploits/9106

🔗 http://www.securityfocus.com/archive/1/504764

🔗 http://www.securityfocus.com/bid/35592

🔗 http://www.vupen.com/english/advisories/2009/1814

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/51574

🔗 http://securenetwork.it/ricerca/advisory/download/SN-2009-01.txt

Related Vulnerabilities

CVE-2009-37598.8

Multiple cross-site request forgery (CSRF) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb all...

CVE-2009-37607.5

Static code injection vulnerability in config/writeconfig.php in the sample code in the XenServer Resource Kit in Citrix XenCenter...

CVE-2009-37574.3

Multiple cross-site scripting (XSS) vulnerabilities in sample code in the XenServer Resource Kit in Citrix XenCenterWeb allow remo...

CVE-2009-395810.0

Multiple stack-based buffer overflows in the NOS Microsystems getPlus Helper ActiveX control before 1.6.2.49 in gp.ocx in the Down...