CVE-2009-4796

2010-04-22T14:30:00
ID CVE-2009-4796
Type cve
Reporter cve@mitre.org
Modified 2018-10-10T19:49:00

Description

Multiple SQL injection vulnerabilities in the ExecuteQueries function in private/system/classes/listfactory.class.php in glFusion 1.1.2 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) order and (2) direction parameters to search.php.