cpe:/a:alibabaclone:alibaba_clone:3.0 CVE-2009-3504 2009-09-30T11:30:00.937-04:00 2009-10-01T00:00:00.000-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-01T08:42:00.000-04:00 SECUNIA 36845 VUPEN ADV-2009-2737 MISC http://packetstormsecurity.org/0909-exploits/alibaba30-sql.txt SQL injection vulnerability in offers_buy.php in Alibaba Clone 3.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.