1 results (0.009 seconds)

CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 2

SQL injection vulnerability in index.php in the Viso (Industry Book) 2.04 and 2.03 module for eXV2 allows remote attackers to execute arbitrary SQL commands via the kid parameter. Vulnerabilidad de inyección SQL en index.php del módulo Viso (Industry Book) 2.04 y 2.03 para eXV2 permite a atacantes remotos ejecutar comandos SQL de su elección utilizando el parámetro kid. • https://www.exploit-db.com/exploits/5254 http://secunia.com/advisories/29389 http://www.securityfocus.com/bid/28255 https://exchange.xforce.ibmcloud.com/vulnerabilities/41216 • CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •