CVE-2013-6839
InstantCMS (InstantSoft) 1.10.3 and earlier is affected by a blind SQL injection via the orderby parameter to /catalog/[id]. An unauthenticated remote attacker can submit crafted SQL through the HTTP POST parameter to manipulate the database. High-Tech Bridge disclosed the issue (CVE-2013-6839) w...