CVE-2008-3254
CVE-2008-3254 describes a SQL injection in index.php of preCMS 1, where the attacker can supply a crafted id parameter in the UserProfil action to execute arbitrary SQL commands. The vulnerability arises in the web interface and is exploitable remotely with network access; no authentication is in...