Bugsalert.com
Security News about Viruses, Spyware,
Trojans, Malware, XSS attacks.
Home | Recent | Sitemap

CVE-2007-6366 (SineCMS)
BugsAlert Home > CVE-2007-6366 (SineCMS)
 
 

Multiple SQL injection vulnerabilities in SineCMS 2.3.4 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to mods/Calendar/index.php, accessed through a Calendar info action to mods.php; the id parameter to admin/mods_adm.php in a (2) Guestbook modifica or (3) Calendar modify action; or the (4) mese or (5) anno parameter to admin/mods_adm.php in a Calendar action. NOTE: the component for vectors 2 through 5 might be limited to administrators.




Original Source: http://nvd.nist.gov/nvd.cfm?cvename=CVE-2007-6366

Learn more about CVE-2007-6366 (SineCMS)
 
Tags: cve-2007-6366 sinecms

Related Items
      CVE-2008-1578 (Mac OS X, Mac OS X Server)

      IBM AIX DNS Cache Poisoning

      FrSIRT - rPath Security Update Fixes Poppler Code Execution Vulnerability

      CVE-2008-2548 (razr)

      CVE-2008-0607 (com_sobi2)

      FrSIRT - VMware Security Update Fixes Multiple Security Bypass Vulnerabilities

      xml2owl "file" Information Disclosure Vulnerability

 
© 2007-2009 BugsAlert.com Original template by Arcsin Hosted By 1and1


Pixel