RSS   Vulnerabilities for 'Aka w3blabor cms'   RSS

2009-02-16
 
CVE-2009-0597

CWE-89
 

 
SQL injection vulnerability in admin/index.php in w3b>cms (aka w3blabor CMS) before 3.4.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the benutzername parameter (aka Username field) in a login action.

 


Copyright 2017, cxsecurity.com