CVE-2005-3938 Information

Description

SQL injection vulnerability in Softbiz FAQ Script 1.1 and earler allows remote attackers to execute arbitrary SQL commands via the id parameter in (1) index.php (2) faq_qanda.php (3) refer_friend.php (4) print_article.php or (5) add_comment.php.

Reference

http://pridels0.blogspot.com/2005/11/softbiz-faq-script-multiple-sql-vuln.html http://secunia.com/advisories/17809 http://www.osvdb.org/21257 http://www.osvdb.org/21258 http://www.osvdb.org/21259 http://www.osvdb.org/21260 http://www.osvdb.org/21261 http://www.securityfocus.com/bid/15653