CVE-2008-7267

UNRATEDJSON export Create alert

Description

SQL injection vulnerability in announcements.php in SiteEngine 5.x allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected products

boka / siteengine5.0 – 5.0

References

EXPLOIThttps://www.exploit-db.com/exploits/6823
VENDOR_ADVISORYhttp://secunia.com/advisories/32404
MISChttp://www.securityfocus.com/archive/1/497747/100/0/threaded
MISChttp://www.securityfocus.com/bid/31889