CVE-2009-2929 Information

Description

Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) db_host parameters to cms/index.php; and the (12) cmd, (13) s_dir, (14) minutes, (15) s_mask, (16) test3_mp, (17) test15_file1, (18) submit, (19) brute_method, (20) ftp_server_port, (21) userfile14, (22) subj, (23) mysql_l, (24) action, and (25) userfile1 parameters to cms/frontpage_ception.php. NOTE: some of these parameters may be applicable only in nonstandard versions of the product, and cms/frontpage_ception.php may be cms/frontpage_caption.php in all released versions.

Reference

http://www.exploit-db.com/exploits/9434
https://exchange.xforce.ibmcloud.com/vulnerabilities/52468
