CVE-2009-2276

EUVD-2009-2272
SQL injection vulnerability in voteforus.php in the Vote For Us extension 1.0.1 and earlier for PunBB allows remote attackers to execute arbitrary SQL commands via the out parameter.
SQL Injection
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 45%
Affected Products (NVD)
VendorProductVersion
bigllevote_for_us_extension
𝑥
≤ 1.0.1
bigllevote_for_us_extension
1.0
𝑥
= Vulnerable software versions
Common Weakness Enumeration
References
http://www.exploit-db.com/exploits/9058
http://www.exploit-db.com/exploits/9058