Описание
SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter.
SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2006-6157
- https://exchange.xforce.ibmcloud.com/vulnerabilities/30459
- https://www.exploit-db.com/exploits/2822
- http://secunia.com/advisories/23005
- http://securityreason.com/securityalert/1925
- http://securitytracker.com/id?1017265
- http://sourceforge.net/project/shownotes.php?group_id=161604&release_id=465437
- http://www.0xcafebabe.it/sploits/contentnow_139_sqlinj.pl
- http://www.securityfocus.com/archive/1/452231/100/100/threaded
- http://www.securityfocus.com/bid/21237
- http://www.vupen.com/english/advisories/2006/4663
Связанные уязвимости
nvd
около 19 лет назад
SQL injection vulnerability in index.php in ContentNow 1.39 and earlier allows remote attackers to execute arbitrary SQL commands via the pageid parameter. NOTE: this issue can be leveraged for path disclosure with an invalid pageid parameter.