CVE-2009-4936 Information

Description

Multiple SQL injection vulnerabilities in Small Pirate (SPirate) 2.1 allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to the default URI in an rss .xml action, or the id parameter to (2) pag1.php, (3) pag1-guest.php, (4) rss-comment_post.php (aka rss-coment_post.php), or (5) rss-pic-comment.php.

Reference

http://osvdb.org/54784
http://osvdb.org/54785
http://osvdb.org/54786
http://osvdb.org/54787
http://osvdb.org/54788
http://secunia.com/advisories/35272
http://www.exploit-db.com/exploits/8819
http://www.securityfocus.com/archive/1/503863/100/0/threaded
https://exchange.xforce.ibmcloud.com/vulnerabilities/50837
