Koobi Pro 5.6 showtopic Module toid Parameter SQL Injection

No description provided by source. source: http://www.securityfocus.com/bid/18970/info Koobi Pro prone to a cross-site scripting issue and an SQL-injection issue because the application fails to properly sanitize user-supplied input. A successful exploit of these vulnerabilities could allow an...

CVE-2006-3621

CVE-2006-3621 concerns Koobi Pro CMS 5.6, specifically the showtopic module. The vulnerability is a SQL injection flaw in the toid parameter that enables remote attackers to execute arbitrary SQL commands. The associated CVSSv2 metrics indicate a base score of 7.5 (HIGH) with network access and l...

CVE-2006-3622

The CVE-2006-3622 issue affects Koobi Pro CMS 5.6 (showtopic module). A remote attacker could disclose information by abusing the p parameter containing a single quote, which leads to an error message that reveals the path. The underlying root cause is not clearly determined in the provided docum...

CVE-2006-3622

The showtopic module in Koobi Pro CMS 5.6 allows remote attackers to obtain sensitive information via a ' single quote in the p parameter, which displays the path in an error message. NOTE: it is not clear whether this is SQL injection or a forced SQL error...

CVE-2006-3621

SQL injection vulnerability in the showtopic module in Koobi Pro CMS 5.6 allows remote attackers to execute arbitrary SQL commands via the toid parameter...