2 matches found
Sql injection
SQL injection vulnerability in show.php in vbzoom 1.11 allow remote attackers to execute arbitrary SQL commands via the MainID parameter. NOTE: the SubjectID vector is already covered by CVE-2005-4729...
CVE-2005-4729
CVE-2005-4729 describes an SQL injection in VBZooM Forum, in show.php via the SubjectID parameter. This allows remote execution of arbitrary SQL commands against the application. Connected records also reference the same subject (e.g., CVE-2006-1132 notes the MainID vector and confirms SubjectID ...