CVE-2007-6127 Information

Description

Multiple SQL injection vulnerabilities in project alumni 1.0.9 and earlier allow remote attackers to execute arbitrary SQL commands via the year parameter to (1) view.page.inc.php, which is reachable through a view action to index.php, or (2) news.page.inc.php, which is reachable through a news action to index.php.

Reference

http://secunia.com/advisories/27820
http://www.securityfocus.com/bid/26564
http://www.vupen.com/english/advisories/2007/3999
https://exchange.xforce.ibmcloud.com/vulnerabilities/38620
https://www.exploit-db.com/exploits/4655
