2 matches found
CVE-2009-1317
Multiple SQL injection vulnerabilities in Aqua CMS 1.1, when magicquotesgpc is disabled, allow remote attackers to execute arbitrary SQL commands via the 1 userSID cookie parameter to droplets/functions/base.php and the 2 username parameter to admin/index.php...
CVE-2009-1317
Aqua CMS 1.1 is affected by multiple SQL injection vulnerabilities when magic_quotes_gpc is disabled. The vulnerabilities allow remote attackers to execute arbitrary SQL commands via (1) the userSID cookie parameter to droplets/functions/base.php and (2) the username parameter to admin/index.php....