CVE-2008-6100 – Discussion Forums 2k 3.3 - Multiple SQL Injections
https://notcve.org/view.php?id=CVE-2008-6100
Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to (a) RSS1.php and (b) RSS2.php in misc/; and the (2) SubID parameter to (c) misc/RSS5.php. Múltiples vulnerabilidades de inyección SQL en Discussion Forums 2k v3.3, cuando "Magic_quotes_gpc están desactivadas, permite a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) CatID a (a) RSS1.php y (b) RSS2.php en misc/; y el (2) SubID a (c) misc/RSS5.php. • https://www.exploit-db.com/exploits/6643 http://www.securityfocus.com/bid/31518 https://exchange.xforce.ibmcloud.com/vulnerabilities/45610 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •