CVE-2007-3909 Information

Description

Multiple SQL injection vulnerabilities in Bandersnatch 0.4 allow remote attackers to execute arbitrary SQL commands via the (1) date and (2) limit parameters to index.php and other unspecified vectors.

Reference

http://secunia.com/advisories/26202 http://www.osvdb.org/38268 http://www.portcullis-security.com/uplds/advisories/Bandersnatch20-2007-006.txt http://www.securityfocus.com/bid/25094 https://exchange.xforce.ibmcloud.com/vulnerabilities/35406