CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 2CVE-2011-5200 – Dede CMS - SQL Injection
https://notcve.org/view.php?id=CVE-2011-5200
Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php. Múltiples vulnerabilidades de inyección SQL en DeDeCMS posiblemente, v5.6, permite a atacantes remotos ejecutar comandos SQL de su elección a través del parámetro id a (1) list.php, (2) book.php o (3) members.php. • https://www.exploit-db.com/exploits/18292 http://www.exploit-db.com/exploits/18292 http://www.osvdb.org/82506 http://www.osvdb.org/82507 http://www.osvdb.org/82508 http://www.securityfocus.com/bid/51211 https://exchange.xforce.ibmcloud.com/vulnerabilities/72034 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •