Vulnonym.org

CVE-2008-1895 - Lane Pussies

Description

Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to events.asp the (2) UserName parameter to getpassword.asp and possibly an unspecified parameter to (3) option_Update.asp in an edit action.

Reference

http://bugreport.ir/index.php?/35 http://bugreport.ir/index.php?/35/exploit http://www.securityfocus.com/bid/28806 http://secunia.com/advisories/29827 https://exchange.xforce.ibmcloud.com/vulnerabilities/41845 https://www.exploit-db.com/exploits/5456 http://www.securityfocus.com/archive/1/490923/100/0/threaded