CVE-2006-3236 Information

Description

Multiple SQL injection vulnerabilities in thinkWMS 1.0 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id parameter in (a) index.php or (b) printarticle.php and the (2) catid parameter in index.php.

Reference

http://pridels0.blogspot.com/2006/06/thinkwms-sql-injection-vuln.html http://secunia.com/advisories/20747 http://securitytracker.com/id?1016355 http://www.osvdb.org/26742 http://www.osvdb.org/26743 http://www.securityfocus.com/bid/18567 http://www.vupen.com/english/advisories/2006/2470 https://exchange.xforce.ibmcloud.com/vulnerabilities/27270