cpe:/a:vastal:mmorpg_zone CVE-2009-3505 2009-09-30T11:30:00.953-04:00 2017-08-16T21:31:08.337-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-10-01T09:07:00.000-04:00 BID 36483 VUPEN ADV-2009-2734 MISC http://packetstormsecurity.org/0909-exploits/mmorpgzone-sql.txt XF mmorpgzone-viewnews-sql-injection(53436) SQL injection vulnerability in view_news.php in Vastal I-Tech MMORPG Zone allows remote attackers to execute arbitrary SQL commands via the news_id parameter. NOTE: the game_id vector is already covered by CVE-2008-4460.