CVE-2006-0727 Information

Description

SQL injection vulnerability in mstrack.php in MusOX DF MSAnalysis (DFMSA) as used in some environments that use CPG-Nuke Dragonfly CMS allows remote attackers to trigger path disclosure from a SQL syntax error and possibly execute arbitrary SQL commands via certain query data probably involving the profile name.

Reference

http://dragonflycms.org/cvs/html/includes/functions/linking.php?b=9.19.2 http://dragonflycms.org/cvs/html/includes/functions/linking.php?d=9.23-9.22 http://dragonflycms.org/Forums/viewtopic/t=14751.html http://dragonflycms.org/Forums/viewtopic/t=14877/postdays=0/postorder=asc/start=15.html http://www.osvdb.org/23060 http://www.osvdb.org/23250 http://www.securityfocus.com/bid/16783 http://www.vupen.com/english/advisories/2006/0688