cpe:/a:phpdirectorysource:phpdirectorysource:1.0 cpe:/a:phpdirectorysource:phpdirectorysource:1.1 CVE-2009-4680 2010-03-10T17:30:00.403-05:00 2017-09-18T21:30:01.830-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2010-03-11T13:27:00.000-05:00 BID 35760 SECUNIA 35941 EXPLOIT-DB 9226 MISC http://packetstormsecurity.org/0907-exploits/wbd-sqlxss.txt SQL injection vulnerability in search.php in phpDirectorySource 1.x allows remote attackers to execute arbitrary SQL commands via the st parameter.