CVE-2007-2299 Information

Description

Multiple SQL injection vulnerabilities in Frogss CMS 0.7 and earlier allow remote attackers to execute arbitrary SQL commands via (1) the dzial parameter to (a) katalog.php or (2) the t parameter to (b) forum.php or (c) forum/viewtopic.php. These are different vectors than CVE-2006-4536.

Reference

http://osvdb.org/35526
http://osvdb.org/35527
http://osvdb.org/35528
http://www.securityfocus.com/bid/23476
http://www.vupen.com/english/advisories/2007/1388
https://exchange.xforce.ibmcloud.com/vulnerabilities/33640
https://www.exploit-db.com/exploits/3731
