Unrated severityNVD Advisory· Published Jul 2, 2009· Updated Jun 16, 2026
CVE-2009-2308
CVE-2009-2308
Description
Multiple SQL injection vulnerabilities in affiliates.php in the Affiliation (aka Affiliates) module 1.1.0 and earlier for PunBB allow remote attackers to execute arbitrary SQL commands via the (1) in or (2) out parameter.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3cpe:2.3:a:punres:affiliates_mod:*:*:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:punres:affiliates_mod:*:*:*:*:*:*:*:*range: <=1.1.0
- cpe:2.3:a:punres:affiliates_mod:1.0.0:*:*:*:*:*:*:*
- Range: <=1.1.0
Patches
Vulnerability mechanics
References
6- packetstormsecurity.org/0906-exploits/punbbaffiliations-blindsql.txtnvdExploit
- packetstormsecurity.org/0906-exploits/punbbaffiliationsin-blindsql.txtnvdExploit
- secunia.com/advisories/35654nvdVendor Advisory
- www.exploit-db.com/exploits/9055nvd
- www.osvdb.org/55478nvd
- exchange.xforce.ibmcloud.com/vulnerabilities/51437nvd
News mentions
0No linked articles in our index yet.