CVE-2005-4010 Information

Description

SQL injection vulnerability in KBase Express 1.0.0 and earlier allows remote attackers to execute arbitrary SQL commands via the (1) id parameter to category.php and (2) search parameters to search.php.

Reference

http://pridels0.blogspot.com/2005/11/kbase-express-sql-inj-vuln.html
http://secunia.com/advisories/17806
http://www.osvdb.org/21340
http://www.osvdb.org/21341
http://www.securityfocus.com/bid/15635
http://www.vupen.com/english/advisories/2005/2641
https://exchange.xforce.ibmcloud.com/vulnerabilities/23309
