CVE-2009-3543 Information

Description

SQL injection vulnerability in _phenotype/admin/login.php in Phenotype CMS before 2.9 allows remote attackers to execute arbitrary SQL commands via the user parameter (aka the login name).

Reference

http://secunia.com/advisories/35792 http://www.exploit-db.com/exploits/9107 http://www.osvdb.org/55799 http://www.phenotype-cms.com/wiki/development-changelog https://exchange.xforce.ibmcloud.com/vulnerabilities/51634