CVE-2009-0287 Information

Description

SQL injection vulnerability in lib/patUser.php in KEEP Toolkit before 2.5.1 allows remote attackers to execute arbitrary SQL commands via the (1) username and (2) password.

Reference

http://keeptoolkit.svn.sourceforge.net/viewvc/keeptoolkit?view=rev&revision=56 http://osvdb.org/51623 http://secunia.com/advisories/33652 http://sourceforge.net/project/shownotes.php?release_id=655845&group_id=227492 http://www.securityfocus.com/bid/33425