Unrated severityNVD Advisory· Published Jan 12, 2010· Updated Jun 16, 2026
CVE-2009-4597
CVE-2009-4597
Description
Multiple SQL injection vulnerabilities in index.php in PHP Inventory 1.2 allow (1) remote authenticated users to execute arbitrary SQL commands via the user_id parameter in a users details action, and allow remote attackers to execute arbitrary SQL commands via the (2) user (username) and (3) pass (password) parameters. NOTE: some of these details are obtained from third party information.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
1- cpe:2.3:a:phpwares:php_inventory:1.2:*:*:*:*:*:*:*
Patches
Vulnerability mechanics
References
4News mentions
0No linked articles in our index yet.