CVE-2006-2585

The connected records confirm a SQL injection vulnerability in Destiney Links Script 2.1.2, exploitable via the ID parameter. Affected component: the script’s interaction with a database (unsafely concatenated/handled SQL). Root cause: lack of input sanitization/parameterization for the ID value ...

Design/Logic Flaw

Destiney Links Script 2.1.2 does not protect library and other support files, which allows remote attackers to obtain the installation path via a direct URL to files in the 1 include and 2 themes/original directories...