CVE-2010-0802

Description

SQL injection vulnerability in index.php in (nv2) Awards 1.1.0, a modification for Invision Power Board, allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action.

Affected products

• aleinbeen / (nv2)_awards1.1.0 – 1.1.0

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/38407
• EXPLOIThttp://www.exploit-db.com/exploits/11297
• EXPLOIThttp://packetstormsecurity.org/1001-exploits/ipbawards-sql.txt