2 matches found
Sql injection
SQL injection vulnerability in inclistnews.asp in CodeAvalanche News 1.x allows remote attackers to execute arbitrary SQL commands via the CATID parameter...
CVE-2007-1021
The CVE-2007-1021 entry concerns CodeAvalanche News 1.x, where a SQL injection flaw in inc_listnews.asp allows remote attackers to execute arbitrary SQL commands via the CAT_ID parameter. The underlying issue is improper handling/validation of CAT_ID, enabling crafted input to affect the database...