cpe:/a:worms-league:webleague:2.2.0 CVE-2009-4561 2010-01-04T16:30:00.547-05:00 2017-09-18T21:29:59.487-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-01-05T08:27:00.000-05:00 EXPLOIT-DB 9165 XF webleague-profile-index-sql-injection(51777) Multiple SQL injection vulnerabilities in Admin/index.php in WebLeague 2.2.0, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) username and (2) password parameters.