CVE-2008-6100 – Discussion Forums 2k 3.3 - Multiple SQL Injections

https://notcve.org/view.php?id=CVE-2008-6100

10 Feb 2009 — Multiple SQL injection vulnerabilities in Discussion Forums 2k 3.3, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) CatID parameter to (a) RSS1.php and (b) RSS2.php in misc/; and the (2) SubID parameter to (c) misc/RSS5.php. Múltiples vulnerabilidades de inyección SQL en Discussion Forums 2k v3.3, cuando "Magic_quotes_gpc están desactivadas, permite a atacantes remotos ejecutar comandos SQL de su elección a través de los parámetros (1) CatID a (a) RSS1... • https://www.exploit-db.com/exploits/6643 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •