CVE-2010-4974

Description

SQL injection vulnerability in info.php in BrotherScripts (BS) and ScriptsFeed Auto Dealer allows remote attackers to execute arbitrary SQL commands via the id parameter.

Affected products

• brotherscripts / auto_dealer

References

• VENDOR_ADVISORYhttp://secunia.com/advisories/40391
• EXPLOIThttp://www.exploit-db.com/exploits/14239
• MISChttp://osvdb.org/66013
• MISChttps://exchange.xforce.ibmcloud.com/vulnerabilities/60061
• MISChttp://securityreason.com/securityalert/8489
• EXPLOIThttp://packetstormsecurity.org/1007-exploits/bsautodealer-sql.txt
• MISChttp://www.securityfocus.com/bid/41384