2 matches found
CVE-2009-0672
SQL injection vulnerability in the ResendEmail module in Raven Web Services RavenNuke 2.30 allows remote authenticated administrators to execute arbitrary SQL commands via the userprefix parameter to modules.php...
CVE-2009-0672
The CVE shows a SQL injection in the RavenNuke 2.30 Resend_Email module, exploitable via the user_prefix parameter to modules.php. Affected component: Raven Web Services (Resend_Email). Root cause: improper handling of user_prefix leads to arbitrary SQL commands when accessed by remote authentica...