TutorialCMS browseCat.php catFile Variable SQL Injection

2007-05-09T07:33:24
ID OSVDB:35899
Type osvdb
Reporter OSVDB
Modified 2007-05-09T07:33:24

Description

Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.

References:

Vendor Specific News/Changelog Entry: http://www.wavelinkmedia.com/scripts/tutorialcms/
Secunia Advisory ID: 25222
Related OSVDB ID: 35900
Related OSVDB ID: 35901
Related OSVDB ID: 35905
Related OSVDB ID: 35892
Related OSVDB ID: 35902
Related OSVDB ID: 35903
ISS X-Force ID: 34214
Generic Exploit URL: http://milw0rm.com/exploits/3887
FrSIRT Advisory: ADV-2007-1742
CVE-2007-2599
Bugtraq ID: 23905