cpe:/a:dave_robinson:rockbandcms:0.10 CVE-2009-3252 2009-09-18T16:30:00.360-04:00 2017-09-18T21:29:31.750-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-09-21T10:21:00.000-04:00 SECUNIA 36517 EXPLOIT-DB 9553 VUPEN ADV-2009-2494 XF bandcms-news-sql-injection(52940) Multiple SQL injection vulnerabilities in news.php in Rock Band CMS 0.10 allow remote attackers to execute arbitrary SQL commands via the (1) year and (2) id parameters.