CVE-2005-2561 Information
Description
Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote attackers to execute arbitrary SQL commands via the Theme parameter to (1) affichagefaq.php3, (2) choixsoustheme.php3, (3) consultation.php3, (4) insfaq.php3, (5) inssoustheme.php3, (6) instheme.php3, (7) saisiefaqtotale.php3, (8) saisiesoustheme.php3, or (9) voirfaq.php3; the SousTheme parameter to (10) affichagefaq.php3, (11) consultation.php3, (12) insfaq.php3, (13) inssoustheme.php3, (14) saisiefaq.php3, (15) saisiefaqtotale.php3, or (16) voirfaq.php3; the Faq parameter to (17) saisiefaq.php3, (18) voirfaq.php3, or (19) inssolution.php3; or (20) question parameter to affichagefaq.php3.
Reference
http://marc.info/?l=bugtraq&m=112352204602309&w=2
http://secunia.com/advisories/16366
http://svt.nukleon.us/lab/svadvisory13.txt
http://www.securityfocus.com/bid/14503