CVE-2008-0397 Information

Description

Multiple SQL injection vulnerabilities in aflog 1.01 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via (1) the id parameter to comments.php and (2) an unspecified parameter to view.php.

Reference

http://secunia.com/advisories/28594 http://www.securityfocus.com/bid/27398 http://www.vupen.com/english/advisories/2008/0255 https://exchange.xforce.ibmcloud.com/vulnerabilities/39825 https://www.exploit-db.com/exploits/4958