3 matches found
Sql injection
SQL injection vulnerability in profile.php in AlstraSoft AskMe Pro 2.1 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: The queid parameter to forumanswer.php is already covered by CVE-2007-4085...
CVE-2007-4085
CVE-2007-4085 affects AlstraSoft AskMe Pro (multiple SQL injection flaws). The vulnerabilities allow remote attackers to manipulate SQL via 1) que_id in forum_answer.php and 2) cat_id in search.php. Root cause: unsafely constructed SQL queries leading to arbitrary command execution. Evidence from...
CVE-2007-4085
Multiple SQL injection vulnerabilities in AlstraSoft AskMe Pro allow remote attackers to execute arbitrary SQL commands via the 1 queid parameter to forumanswer.php or 2 the catid parameter to search.php...