CVE-2009-2929

Exp

Multiple SQL injection vulnerabilities in TGS Content Management 0.x allow remote attackers to execute arbitrary SQL commands via the (1) tgs_language_id, (2) tpl_dir, (3) referer, (4) user-agent, (5) site, (6) option, (7) db_optimization, (8) owner, (9) admin_email, (10) default_language, and (11) db_host parameters to cms/index.php; and the (12) cmd, (13) s_dir, (14) minutes, (15) s_mask, (16) test3_mp, (17) test15_file1, (18) submit, (19) brute_method, (20) ftp_server_port, (21) userfile14, (22) subj, (23) mysql_l, (24) action, and (25) userfile1 parameters to cms/frontpage_ception.php. NOTE: some of these parameters may be applicable only in nonstandard versions of the product, and cms/frontpage_ception.php may be cms/frontpage_caption.php in all released versions.

Published: 2009-08-21 Last update: 2026-06-16 Assigner: [email protected] Source: [email protected]

Conclusion & alert: CVE-2009-2929 is rated High Exploit Risk (65.5/100): CVSS High severity, with medium exploitation likelihood (EPSS 0.95%). Core evidence: 1 public exploit reference(s) are indexed (Exploit-DB). Mandatory action: Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2009-2929

EDB-ID Source Kind Published Link
9434 exploit_db edb 2009-08-13 Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2009-2929

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-06-15 0.25% 0.95% +0.70%
2 2026-01-16 0.11% 0.25% +0.14%
3 2025-11-07 0.11%

Full EPSS history (6 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2009-2929

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
7.5 2.0 HIGH
AV:N/AC:L/Au:N/C:P/I:P/A:P Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:P)
Partial confidentiality impact.
Integrity impact (I:P)
Partial integrity impact.
Availability impact (A:P)
Partial availability impact.
10.0 6.4 [email protected]

Weakness enumeration for CVE-2009-2929

Affected software / configurations for CVE-2009-2929

Vendor Product Version Raw CPE
tgs-cms tgs_content_management 0.1.6 cpe:2.3:a:tgs-cms:tgs_content_management:0.1.6:*:*:*:*:*:*:*
tgs-cms tgs_content_management 0.1.7 cpe:2.3:a:tgs-cms:tgs_content_management:0.1.7:*:*:*:*:*:*:*
tgs-cms tgs_content_management 0.2.0 cpe:2.3:a:tgs-cms:tgs_content_management:0.2.0:*:*:*:*:*:*:*
tgs-cms tgs_content_management 0.2.5 cpe:2.3:a:tgs-cms:tgs_content_management:0.2.5:*:*:*:*:*:*:*
tgs-cms tgs_content_management 0.2.5 cpe:2.3:a:tgs-cms:tgs_content_management:0.2.5:r2:*:*:*:*:*:*
tgs-cms tgs_content_management 0.2.5 cpe:2.3:a:tgs-cms:tgs_content_management:0.2.5:r3:*:*:*:*:*:*
tgs-cms tgs_content_management 0.3.0 cpe:2.3:a:tgs-cms:tgs_content_management:0.3.0:*:*:*:*:*:*:*
tgs-cms tgs_content_management 0.3.2 cpe:2.3:a:tgs-cms:tgs_content_management:0.3.2:*:*:*:*:*:*:*
tgs-cms tgs_content_management 0.3.2 cpe:2.3:a:tgs-cms:tgs_content_management:0.3.2:r2:*:*:*:*:*:*

References for CVE-2009-2929

cvelogic Threat Intelligence