cpe:/a:dimofinf:infinity_script:2.0.5 CVE-2009-3212 2009-09-16T13:30:00.610-04:00 2017-08-16T21:31:03.413-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-09-17T10:25:00.000-04:00 MISC http://packetstormsecurity.org/0908-exploits/infinity-disclose.txt XF infinity-username-sql-injection(52559) SQL injection vulnerability in VivaPrograms Infinity Script 2.x.x, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the username field.