2 matches found
CVE-2006-5285
SQL injection vulnerability in index.php in XeoPort 0.81, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the xpbodytext parameter...
CVE-2006-5285
CVE-2006-5285: SQL injection in XeoPort 0.81 (index.php) via the xp_body_text parameter allowing remote arbitrary SQL execution. Underlying issue is insufficient input sanitization in xp_body_text handling. CVSS v2 base score 7.5 (HIGH); attack vector NETWORK, complexity LOW, no authentication re...