2 matches found
Debian DSA-471-1 : interchange - missing input sanitising
A vulnerability was discovered recently in Interchange, an e-commerce and general HTTP database display system. This vulnerability can be exploited by an attacker to expose the content of arbitrary variables. An attacker may learn SQL access information for your Interchange application and use th...
CVE-2004-0374
Interchange before 5.0.1 allows remote attackers to "expose the content of arbitrary variables" and read or modify sensitive SQL information via an HTTP request ending with the "SQLUSER" string...