CVE-2007-4086 Information

Description

Multiple SQL injection vulnerabilities in AlstraSoft Video Share Enterprise allow remote attackers to execute arbitrary SQL commands via (1) the gid parameter to gmembers.php or (2) the UID parameter to (a) uvideos.php (b) ugroups.php (c) uprofile.php (d) ufavour.php (e) ufriends.php or (f) uplaylist.php.

Reference

http://lostmon.blogspot.com/2007/07/alstrasoft-multiple-products-multiple.html http://osvdb.org/37872 http://osvdb.org/37873 http://osvdb.org/37874 http://osvdb.org/37875 http://osvdb.org/37876 http://osvdb.org/37877 http://osvdb.org/37878