CVE-2008-2453 - Nonagon Terror

Description

Multiple SQL injection vulnerabilities in PHP Classifieds Script allow remote attackers to execute arbitrary SQL commands via the fatherID parameter to (1) browse.php and (2) search.php.

Reference

http://www.securityfocus.com/bid/29169 http://secunia.com/advisories/30209 https://exchange.xforce.ibmcloud.com/vulnerabilities/42380 https://www.exploit-db.com/exploits/5599