cpe:/a:thomas_cuchta:rash:1.0 cpe:/a:thomas_cuchta:rash:1.1 cpe:/a:thomas_cuchta:rash:1.1.1 cpe:/a:thomas_cuchta:rash:1.1.2 cpe:/a:thomas_cuchta:rash:1.1.3 cpe:/a:thomas_cuchta:rash:1.2 cpe:/a:thomas_cuchta:rash:1.2.1 cpe:/a:thomas_cuchta:rash:1.2.2 CVE-2009-3255 2009-09-18T16:30:00.420-04:00 2017-08-16T21:31:04.163-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-09-21T10:41:00.000-04:00 SECUNIA 36477 OSVDB 57468 VUPEN ADV-2009-2446 MISC http://packetstormsecurity.org/0908-exploits/rqms-bypass.txt XF rqms-search-sql-injection(52895) SQL injection vulnerability in RASH Quote Management System (RQMS) 1.2.2 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an admin action to the default URI.