Vulnonym.org

CVE-2008-1726 - Animate Molestor

Description

Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6 when magic_quotes_gpc is disabled allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php.

Reference

http://www.securityfocus.com/bid/28713 http://www.securityfocus.com/bid/28716 http://secunia.com/advisories/29716 http://www.osvdb.org/44254 http://www.osvdb.org/44255 http://www.osvdb.org/44256 https://exchange.xforce.ibmcloud.com/vulnerabilities/41746 https://www.exploit-db.com/exploits/5421