Описание
Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php.
Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2009-4796
- https://exchange.xforce.ibmcloud.com/vulnerabilities/49498
- http://osvdb.org/52984
- http://secunia.com/advisories/34519
- http://www.exploit-db.com/exploits/8302
- http://www.glfusion.org/article.php/security_20090329
- http://www.securityfocus.com/archive/1/502260/100/0/threaded
- http://www.securityfocus.com/bid/34281
Связанные уязвимости
Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php.