CVE-2006-2279 Information

Description

Multiple SQL injection vulnerabilities in SaphpLesson 3.0 allow remote attackers to execute arbitrary SQL commands via (1) the Find parameter in (a) search.php and the (2) LID and (3) Rate parameters in (b) misc.php.

Reference

http://secunia.com/advisories/20034 http://securityreason.com/securityalert/862 http://www.osvdb.org/25362 http://www.osvdb.org/25363 http://www.securityfocus.com/archive/1/433052/100/0/threaded http://www.securityfocus.com/bid/17848 http://www.vupen.com/english/advisories/2006/1708 https://exchange.xforce.ibmcloud.com/vulnerabilities/26293