2 matches found
CVE-2010-0952
CVE-2010-0952 is a SQL injection vulnerability in OneCMS 2.5, triggered when magic_quotes_gpc is disabled. The flaw resides in index.php and allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action. The CVSS base score is 6.8 (Medium) with Network attack...
CVE-2010-0952
SQL injection vulnerability in index.php in OneCMS 2.5, when magicquotesgpc is disabled, allows remote attackers to execute arbitrary SQL commands via the user parameter in an elite action...