CVE-2008-4356 (kasseler

CVE-2008-4356 (kasseler_cms)
BugsAlert Home > CVE-2008-4356 (kasseler_cms)




Multiple SQL injection vulnerabilities in Kasseler CMS 1.1.0 and 1.2.0 allow remote attackers to execute arbitrary SQL commands via (1) the nid parameter to index.php in a View action to the News module; (2) the vid parameter to index.php in a Result action to the Voting module; (3) the fid parameter to index.php in a ShowForum action to the Forum module; (4) the tid parameter to index.php in a ShowTopic action to the Forum module; (5) the uname parameter to index.php in a UserInfo action to ... Original Source: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-4356 Learn more about CVE-2008-4356 (kasseler_cms)


Tags: cve-2008-4356 kasseler cms

Related Items
Vuln: Dokeos 'forum' and 'origin' Multiple Cross-Site Scripting Vulnerabilities
FrSIRT - Sun Solaris Security Update Fixes Samba Code Execution Vulnerabilities
HTML_IFRAME.NK
FrSIRT - Article Friendly Standard "autid" Parameter SQL Injection Vulnerability
Stonesoft StoneGate IPS HTTP Unicode Encoding Detection Bypass
In Other News: Rogue Antispyware (Again)
Vuln: Mozilla Firefox 2.0.0.14 Multiple Remote Vulnerabilities

CVE-2008-4356 (kasseler_cms)