RSS   Vulnerabilities for 'Discussion forum 2k'   RSS

2009-02-10
 
CVE-2008-6100

CWE-89
 

 
Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to (a) RSS1.php and (b) RSS2.php in misc/; and the (2) SubID parameter to (c) misc/RSS5.php.

 

 >>> Vendor: Berlios 4 Products
Gps daemon
Konversation
Sourcewell
Discussion forum 2k


Copyright 2024, cxsecurity.com

 

Back to Top