返回 CVE 浏览器

CVE-2009-2545

MEDIUM

6.8

CVSS Severity Score

EPSS Score0.0520%

EPSS Percentile40.06th

Published2009年7月20日

Last Modified2026年4月23日

Vulnerability Description

SQL injection vulnerability in Advanced Electron Forum (AEF) 1.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the filename in an uploaded attachment. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

Affected Platforms (CPE)

📦

Anelectron

Advanced Electron Forum

= 1.0.1

📦

Anelectron

Advanced Electron Forum

= 1.0.2

📦

Anelectron

Advanced Electron Forum

= 1.0.3

📦

Anelectron

Advanced Electron Forum

= 1.0.4

📦

Anelectron

Advanced Electron Forum

= 1.0.5

📦

Anelectron

Advanced Electron Forum

= 1.0.6

📦

Anelectron

Advanced Electron Forum

= 1.0.7

📦

Anelectron

Advanced Electron Forum

= 1.0.8

References & Advisories

🔗 http://osvdb.org/55925

🔗 http://secunia.com/advisories/35646

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/51775

🔗 http://osvdb.org/55925

🔗 http://secunia.com/advisories/35646

🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/51775

相关漏洞威胁

CVE-2008-509010.0

Electron Inc. Advanced Electron Forum before 1.0.7 allows remote attackers to execute arbitrary PHP code via PHP code embedded in ...

CVE-2011-35828.8

A Cross-site Request Forgery (CSRF) vulnerability exists in Advanced Electron Forums (AEF) through 1.0.9 due to inadequate confirm...

CVE-2011-37005.0

Advanced Electron Forum (AEF) 1.0.8 allows remote attackers to obtain sensitive information via a direct request to a .php file, w...

CVE-2018-130004.8

An XSS issue was discovered in Advanced Electron Forum (AEF) v1.0.9. A persistent XSS vulnerability is located in the `FTP Link` e...