CVE-2005-3868 Information

Description

Multiple SQL injection vulnerabilities in K-Search 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) term (2) id (3) stat and (4) source parameters to index.php and (5) through the image parameters with an add request.

Reference

http://pridels0.blogspot.com/2005/11/k-search-multiple-vuln.html http://secunia.com/advisories/17719 http://www.exploit-db.com/exploits/13993 http://www.osvdb.org/21127 http://www.securityfocus.com/bid/15588 http://www.vupen.com/english/advisories/2005/2616