cpe:/a:phpdirsubmit:php_dir_submit CVE-2009-3970 2009-11-18T18:30:00.627-05:00 2017-09-18T21:29:51.750-04:00 6.5 NETWORK LOW SINGLE_INSTANCE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2009-11-19T09:13:00.000-05:00 EXPLOIT-DB 9484 VUPEN ADV-2009-2401 XF phpdirsubmit-index-sql-injection(52709) SQL injection vulnerability in index.php in PHP Dir Submit (aka WebsiteSubmitter or Submitter Script) allows remote authenticated users to execute arbitrary SQL commands via the aid parameter in a showarticle action.