CVE-2006-2835 Information

Description

SQL injection vulnerability in saphplesson 2.0 allows remote attackers to execute arbitrary SQL commands via the (1) forumid parameter in add.php and (2) lessid parameter in show.php.

Reference

http://securityreason.com/securityalert/1047 http://www.securityfocus.com/archive/1/435202/100/0/threaded http://www.securityfocus.com/archive/1/440120 http://www.securityfocus.com/archive/1/472798/100/0/threaded http://www.securityfocus.com/bid/18117 http://www.securityfocus.com/bid/18934 https://exchange.xforce.ibmcloud.com/vulnerabilities/26757