• info
• discussion
• exploit
• solution
• references

Tiny Event CVE-2007-1811 SQL-Injection Vulnerability

Tiny Event is prone to a sql-injection vulnerability. SQL injection vulnerability in index.php in the Tiny Event (tinyevent) 1.01 and earlier module for Xoops allows remote attackers to execute arbitrary SQL commands via the id parameter in a show action.