CVE-2005-4408 Information

Description

Multiple SQL injection vulnerabilities in Miraserver 1.0 RC4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) page parameter to index.php (2) id parameter to newsitem.php and (3) cat parameter to article.php.

Reference

http://pridels0.blogspot.com/2005/12/miraserver-sql-vuln.html http://secunia.com/advisories/18110 http://www.osvdb.org/21836 http://www.osvdb.org/21837 http://www.osvdb.org/21838 http://www.securityfocus.com/bid/15960