CVE-2007-2599 Information
Description
Multiple SQL injection vulnerabilities in TutorialCMS (aka Photoshop Tutorials) 1.00 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) catFile parameter to (a) browseCat.php or (b) browseSubCat.php; the (2) id parameter to (c) openTutorial.php, (d) topFrame.php, or (e) admin/editListing.php; or (3) the search parameter to search.php.
Reference
http://osvdb.org/35899
http://osvdb.org/35900
http://osvdb.org/35901
http://osvdb.org/35902
http://osvdb.org/35903
http://osvdb.org/35905
http://secunia.com/advisories/25222
http://www.securityfocus.com/bid/23905
http://www.vupen.com/english/advisories/2007/1742
http://www.wavelinkmedia.com/scripts/tutorialcms/
https://exchange.xforce.ibmcloud.com/vulnerabilities/34214
https://www.exploit-db.com/exploits/3887