2 matches found
CVE-2008-5629
CVE-2008-5629 describes an SQL injection in the Turnkey Arcade Script: vulnerable component is index.php, via the id parameter in a play action. The underlying flaw allows remote attackers to inject arbitrary SQL and potentially affect data, due to the input being unsafely concatenated into queri...
CVE-2009-3973
The CVE relates to a SQL injection in index.php of Turnkey Arcade Script. The vulnerability is triggered via the id parameter in actions (play or browse) and allows remote attackers to execute arbitrary SQL commands, reflecting a classic server-side injectable vector. The connected data confirms ...