Описание
SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to execute arbitrary SQL commands via the query parameter in the (1) question action, and possibly the (2) sub_par or (3) num_quest actions.
SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to execute arbitrary SQL commands via the query parameter in the (1) question action, and possibly the (2) sub_par or (3) num_quest actions.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2010-0614
- https://exchange.xforce.ibmcloud.com/vulnerabilities/56152
- http://packetstormsecurity.org/1002-exploits/corelan-10-008-evalmsi.txt
- http://secunia.com/advisories/38478
- http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-008-evalmsi-2-1-03-multiple-vulnerabilities
- http://www.osvdb.org/62177
- http://www.securityfocus.com/archive/1/509370/100/0/threaded
- http://www.securityfocus.com/bid/38116
Связанные уязвимости
nvd
почти 16 лет назад
SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to execute arbitrary SQL commands via the query parameter in the (1) question action, and possibly the (2) sub_par or (3) num_quest actions.