cpe:/a:andrew_freed:quotebook:- CVE-2009-0829 2009-03-05T15:30:00.640-05:00 2009-03-21T01:55:03.217-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-03-06T08:29:00.000-05:00 ALLOWS_OTHER_ACCESS BID 33166 SECUNIA 33420 Multiple SQL injection vulnerabilities in QuoteBook allow remote attackers to execute arbitrary SQL commands via the (1) MyBox and (2) selectFavorites parameters to (a) quotes.php and the (3) QuoteName and (4) QuoteText parameters to (b) quotesadd.php. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.