Vulnonym.org

CVE-2008-2843 - Unnerving Modem

Description

Multiple SQL injection vulnerabilities in doITLive CMS 2.50 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter in an USUB action to default.asp and the (2) Licence[SpecialLicenseNumber] (aka LicenceId) cookie to edit/default.asp.

Reference

http://www.bugreport.ir/?/43 http://www.securityfocus.com/bid/29789 http://secunia.com/advisories/30705 https://exchange.xforce.ibmcloud.com/vulnerabilities/43163 https://exchange.xforce.ibmcloud.com/vulnerabilities/43161 https://www.exploit-db.com/exploits/5849