CVE-2009-2147 Information

Description

SQL injection vulnerability in fdown.php in phpWebThings 1.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.

Reference

http://secunia.com/advisories/35396 http://www.securityfocus.com/bid/35336 https://exchange.xforce.ibmcloud.com/vulnerabilities/51094 https://www.exploit-db.com/exploits/8939