Sql injection

2011-10-0910:55:00

PRIOn knowledge base

www.prio-n.com

9.3 High

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

44.8%

JSON

Multiple SQL injection vulnerabilities in Allinta CMS 22.07.2010 allow remote attackers to execute arbitrary SQL commands via the i parameter in an edit action to (1) contentAE.asp or (2) templatesAE.asp.

CPENameOperatorVersion
allinta_cmseq22.07.2010

CPE	Name	Operator	Version
	allinta_cms	eq	22.07.2010

References

securityreason.com/securityalert/8453

www.htbridge.ch/advisory/sql_injection_vulnerability_in_allinta_cms.html

www.htbridge.ch/advisory/sql_injection_vulnerability_in_allinta_cms_1.html

www.securityfocus.com/archive/1/512958

www.securityfocus.com/archive/1/512959/100/0/threaded

www.securityfocus.com/bid/42320