1 results (0.003 seconds)
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2
CVE-2008-1404 – eXV2 Module Viso 2.0.4.3 - 'kid' SQL Injection
https://notcve.org/view.php?id=CVE-2008-1404
SQL injection vulnerability in index.php in the Viso (Industry Book) 2.04 and 2.03 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the kid parameter. Vulnerabilidad de inyección SQL en index.php del módulo Viso (Industry Book) 2.04 y 2.03 para eXV2 permite a atacantes remotos ejecutar comandos SQL de su elección utilizando el parámetro kid. • https://www.exploit-db.com/exploits/5254 http://secunia.com/advisories/29389 http://www.securityfocus.com/bid/28255 https://exchange.xforce.ibmcloud.com/vulnerabilities/41216 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •