2 matches found
CVE-2010-1994
SQL injection vulnerability in index.php in TomatoCMS before 2.0.5 allows remote attackers to execute arbitrary SQL commands via the q parameter in conjunction with a /news/search PATHINFO...
CVE-2010-1994
TomatoCMS is affected by a SQL injection in the /news/search handler. The vulnerability is triggered via the q parameter (e.g., q=) and creates injectable SQL in conjunction with the PATH_INFO /news/search. Affects TomatoCMS prior to 2.0.5; 2.0.5 fixes the issue, with the vulnerability reappearin...