Описание
Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username parameter ($usernameb variable) to a_login.php or (2) user parameter to staff.php.
Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username parameter ($usernameb variable) to a_login.php or (2) user parameter to staff.php.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2008-7208
- https://exchange.xforce.ibmcloud.com/vulnerabilities/39482
- https://www.exploit-db.com/exploits/4857
- http://osvdb.org/51057
- http://osvdb.org/51058
- http://sourceforge.net/forum/forum.php?forum_id=774946
- http://www.bugreport.ir/index_26.htm
- http://www.securityfocus.com/archive/1/485837/100/200/threaded
- http://www.securityfocus.com/archive/1/487136/100/200/threaded
- http://www.securityfocus.com/bid/27158
- http://www.vupen.com/english/advisories/2008/0081
Связанные уязвимости
nvd
больше 16 лет назад
Multiple SQL injection vulnerabilities in OneCMS 2.4, and possibly earlier, allow remote attackers to execute arbitrary SQL commands via the (1) username parameter ($usernameb variable) to a_login.php or (2) user parameter to staff.php.