2007-03-20 22:00:00
mitre
PUBLISHED
SQL injection vulnerability in functions/functions_filters.asp in Web Wiz Forums before 8.05a (MySQL version) does not properly filter certain characters in SQL commands, which allows remote attackers to execute arbitrary SQL commands via \"' (backslash double-quote quote) sequences, which are collapsed into , as demonstrated via the name parameter to forum/pop_up_member_search.asp.