Video Share Enterprise CVE-2007-4086 SQL-Injection Vulnerability

Video Share Enterprise CVE-2007-4086 SQL-Injection Vulnerability

Video Share Enterprise is prone to a sql-injection vulnerability. Multiple SQL injection vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to gmembers.php, or (2) the UID parameter to (a) uvideos.php, (b) ugroups.php, (c) uprofile.php, (d) ufavour.php, (e) ufriends.php, or (f) uplaylist.php.