Vulnonym.org

CVE-2008-1990 - Aesculapian Alligator

Description

Multiple SQL injection vulnerabilities in Acidcat CMS 3.4.1 allow remote attackers to execute arbitrary SQL commands via the (1) cID parameter to default.asp and the (2) username parameter to main_login2.asp.

Reference

http://bugreport.ir/index.php?/36 http://www.securityfocus.com/bid/28868 http://secunia.com/advisories/29916 http://securityreason.com/securityalert/3842 https://exchange.xforce.ibmcloud.com/vulnerabilities/41918 https://www.exploit-db.com/exploits/5478 http://www.securityfocus.com/archive/1/491129/100/0/threaded