CVE-2005-3363 Information

Description

SQL injection vulnerability in Saphp Lesson possibly saphp Lesson1.1 and saphpLesson2.0 allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.

Reference

http://marc.info/?l=bugtraq&m=113018965520240&w=2 http://secunia.com/advisories/17308/ http://securityreason.com/securityalert/111 http://www.attrition.org/pipermail/vim/2005-October/000313.html http://www.osvdb.org/20289 http://www.osvdb.org/20290 http://www.securityfocus.com/archive/1/430906/30/5610/threaded http://www.securityfocus.com/archive/1/440120/100/0/threaded http://www.securityfocus.com/archive/1/472799/100/0/threaded http://www.securityfocus.com/bid/15185 https://exchange.xforce.ibmcloud.com/vulnerabilities/22861 https://exchange.xforce.ibmcloud.com/vulnerabilities/27746 https://www.exploit-db.com/exploits/1530