CVE-2009-0402 Information

Description

SQL injection vulnerability in client/new_account.php in Domain Technologie Control (DTC) before 0.29.16 allows remote attackers to execute arbitrary SQL commands via the (1) familyname (2) christname (3) company_name (4) is_company (5) email (6) phone (7) fax (8) addr1 (9) addr2 (10) addr3 (11) zipcode (12) city (13) state (14) country and (15) vat_num parameters.

Reference

http://freshmeat.net/projects/dtc/?branch_id=22759&release_id=292973 http://git.gplhost.com/gitweb/?p=dtc.git;a=commitdiff;h=056e1d1849ff3aa183a410e2aab1c1c3e969247d http://osvdb.org/51631 http://secunia.com/advisories/33698 http://www.securityfocus.com/bid/33496 https://exchange.xforce.ibmcloud.com/vulnerabilities/48292