CVE-2013-6839

Publication date

2013-12-13 15:00:00

Family

mitre

State

PUBLISHED

Description

SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id].