2 matches found
Sql injection
SQL injection vulnerability in poems.php in DCI-Designs Dawaween 1.03 allows remote attackers to execute arbitrary SQL commands via the id parameter in a sec list action, a different vector than CVE-2006-1018...
CVE-2006-1018
The CVE-2006-1018 entry describes an SQL injection in poems.php of DCI-Designs Dawaween 1.03, exploitable via the id parameter in a diwan view action. Affected software: Dawaween 1.03 (poems.php). Root cause: unsanitized id parameter leading to arbitrary SQL execution. Impact per CVSS: Confidenti...