cpe:/a:arabless:saphplesson:4.0 CVE-2009-2883 2009-08-20T13:30:09.250-04:00 2017-09-18T21:29:20.577-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-08-20T13:30:00.000-04:00 BID 35795 EXPLOIT-DB 9248 XF saphplesson-login-sql-injection(51983) SQL injection vulnerability in admin/login.php in SaphpLesson 4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the cp_username parameter, related to an error in the CleanVar function in includes/functions.php.