CVE-2004-2324 Information

Description

SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx.

Reference

http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html http://secunia.com/advisories/10747 http://www.osvdb.org/3750 http://www.securityfocus.com/bid/9518 https://exchange.xforce.ibmcloud.com/vulnerabilities/14973