CVE-2005-3939 Information

Description

Multiple SQL injection vulnerabilities in WSN Knowledge Base 1.2.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) perpage, (3) ascdesc, and (4) orderlinks parameters in a displaycat action in (a) index.php; and the (5) id parameter in (b) comments.php and (c) memberlist.php.

Reference

http://pridels0.blogspot.com/2005/11/wsn-knowledge-base-sql-inj-vuln.html
http://secunia.com/advisories/17810
http://www.osvdb.org/21262
http://www.osvdb.org/21263
http://www.osvdb.org/21264
http://www.securityfocus.com/bid/15656
