CVE-2007-1237

Description

sitex allows remote attackers to obtain potentially sensitive information via a ' (quote) value for certain parameters, as demonstrated by parameters used in forum and search, which forces a SQL error.

Affected products

• bj_sintay / sitex0.7.3 – 0.7.3

References

• MISChttp://www.securityfocus.com/archive/1/461305/100/0/threaded
• MISChttp://osvdb.org/33154
• MISChttp://securityreason.com/securityalert/2373