wfsections107.txt

Program: wfsections Verion: 1.07 Bug Type: SQL Injection Bug Discription: ================================= In file class/wfsfiles.php, we can see this function: //START function getAllbyArticle$articleid $db =& Database::getInstance; $table = $db-prefix"wfsfiles"; $ret = array; $sql = "SELECT FR...

CVE-2005-0725

CVE-2005-0725 describes an SQL injection in the WF-Sections (wfsections) 1.07 module. The vulnerability exists in the getAllbyArticle function of wfsfiles.php and allows remote attackers to inject arbitrary SQL through the articleid parameter to article.php. Multiple connected records corroborate...