Security Advisory

CVE-2009-1810

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2009-05-29 16:24:00

Last updated 2024-08-07 05:27:54

Assigner mitre

State PUBLISHED

Description

Multiple SQL injection vulnerabilities in myColex 1.4.2 allow remote attackers to execute arbitrary SQL commands via (1) the formUser parameter (aka the Name field) to common/login.php, and allow remote authenticated users to execute arbitrary SQL commands via the ID parameter in a Detail action to (2) kategorie.php, (3) medium.php, (4) person.php, or (5) schlagwort.php in modules/, related to classes/class.perform.php.

← Browse all CVEs View on cve.org ↗