3 matches found
Sql injection
SQL injection vulnerability in sugcat.php in IndexScript 3.0 allows remote attackers to execute arbitrary SQL commands via the parentid parameter, a different vector than CVE-2007-4069...
Sql injection
Multiple SQL injection vulnerabilities in IndexScript 2.7 and 2.8 before 20070726 allow remote attackers to execute arbitrary SQL commands via the 1 catid, 2 startid, 3 rowparentid, and 4 rowcatid parameters to unspecified components, related to use of these parameters within include/utils.php...
CVE-2007-4069
CVE-2007-4069 is an SQL injection in show_cat.php of IndexScript 2.8 and earlier, exploitable via the cat_id parameter to execute arbitrary SQL remotely. The connected records also reference related CVEs (CVE-2007-4163) describing similar injection vectors in IndexScript 2.7/2.8, noting the show_...