CVE-2009-4925

Multiple SQL injection vulnerabilities in Portale e-commerce Creasito (aka creasito e-commerce content manager) 1.3.16, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the username parameter to (1) admin/checkuser.php and (2) checkuser.php.

Date published : 2010-07-09

http://www.securityfocus.com/bid/34605

http://www.securityfocus.com/archive/1/502818/100/0/threaded