CVE-2009-3252 Information

Description

Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters.

Reference

http://secunia.com/advisories/36517 http://www.exploit-db.com/exploits/9553 http://www.vupen.com/english/advisories/2009/2494 https://exchange.xforce.ibmcloud.com/vulnerabilities/52940