2 matches found
Sql injection
SQL injection vulnerability in profile.php in AstroSPACES 1.1.1 allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action...
CVE-2008-4642
AstroSPACES profile.php SQL Injection: in version 1.1.1, the id parameter in a view action is unvalidated, enabling remote attackers to inject arbitrary SQL via the vulnerable query. The issue is documented with a CVSSv2 base score of 7.5 (HIGH) and vector AV:N/AC:L/Au:N/C:P/I:P/A:P. Connected so...