2 matches found
Sql injection
SQL injection vulnerability in class/page.php in Farsi Script aka FaScript FaName 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter. NOTE: this might be the same issue as CVE-2008-0328...
CVE-2008-0328
CVE-2008-0328 describes an SQL injection in page.php of FaScript FaName 1.0, where the attacker can manipulate the id parameter to execute arbitrary SQL commands. The vulnerability is caused by unsafely incorporating user input into SQL queries, enabling unauthenticated remote access with potenti...