CVE-2005-4010

CVE-2005-4010

EPSS 1.4%

SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

http://pridels0.blogspot.com/2005/11/kbase-express-sql-inj-vuln.html http://secunia.com/advisories/17806 https://exchange.xforce.ibmcloud.com/vulnerabilities/23309 http://www.osvdb.org/21340 http://www.osvdb.org/21341 http://www.securityfocus.com/bid/15635 http://www.vupen.com/english/advisories/2005/2641