Описание
Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php.
Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2007-5643
- https://exchange.xforce.ibmcloud.com/vulnerabilities/37345
- https://www.exploit-db.com/exploits/4548
- http://lussumo.com/community/discussion/7214/vanilla-113-new-remote-blind-sql-injection-exploit-
- http://lussumo.com/swell/168/Vanilla-114-Released
- http://secunia.com/advisories/27348
- http://www.securityfocus.com/bid/26145
- http://www.vupen.com/english/advisories/2007/3571
Связанные уязвимости
nvd
больше 18 лет назад
Multiple SQL injection vulnerabilities in Lussumo Vanilla 1.1.3 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the CategoryID parameter to ajax/sortcategories.php or (2) an unspecified vector to ajax/sortroles.php.