Description
SQL injection vulnerability in Akarru Social BookMarking Engine before 0.4.3.4 allows remote attackers to execute arbitrary SQL commands via unknown attack vectors, possibly involving the username parameter to akarru.lib/users.php.
Affected products
- akarru / social_bookmarking_engine0.4.3.2 – 0.4.3.2
- akarru / social_bookmarking_engine0.4.3.3 – 0.4.3.3
References
- MISChttp://www.securityfocus.com/bid/16989
- MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/25115
- MISChttp://sourceforge.net/project/shownotes.php?release_id=398713&group_id=155783
- VENDOR_ADVISORYhttp://secunia.com/advisories/19112
- VENDOR_ADVISORYhttp://www.vupen.com/english/advisories/2006/0841