2 matches found
Sql injection
SQL injection vulnerability in hoteltiempolibreext.php in Venalsur Booking Centre Booking System for Hotels Group, when magicquotesgpc is enabled, allows remote attackers to execute arbitrary SQL commands via the NoticiaID parameter and other unspecified vectors...
CVE-2009-4386
CVE-2009-4386 is a SQL injection vulnerability in the Venalsur Booking Centre Booking System for Hotels Group, specifically in hotel_tiempolibre_ext.php. When magic_quotes_gpc is enabled, remote attackers can manipulate the NoticiaID parameter and other vectors to execute arbitrary SQL commands. ...