CVE-2009-4796
glFusion versions 1.1.2 and earlier are affected by multiple SQL injection vulnerabilities in the ExecuteQueries function of private/system/classes/listfactory.class.php. The flaw allows remote attackers to inject arbitrary SQL via the (1) order and (2) direction parameters to search.php. Impact ...