2 matches found
Sql injection
SQL injection vulnerability in search.asp in JGBBS 3.0 Beta 1 and earlier allows remote attackers to execute arbitrary SQL commands via the title parameter, a different vector than CVE-2007-1440. NOTE: the provenance of this information is unknown; the details are obtained solely from third party...
CVE-2007-1440
CVE-2007-1440: SQL injection in JGBBS 3.0 Beta 1’s search.asp allows remote command execution via the author parameter. Affected component is the search functionality in JGBBS 3.0 Beta 1; root cause is improper handling/concatenation of user-supplied input resulting in SQL injection. Public refer...