CVE-2008-1726 Information

Description

Multiple SQL injection vulnerabilities in KnowledgeQuest 2.6, when magic_quotes_gpc is disabled, allow remote attackers to execute arbitrary SQL commands via the (1) kqid parameter to (a) articletext.php and (b) articletextonly.php and the (2) username parameter to (c) logincheck.php.

Reference

http://secunia.com/advisories/29716
http://www.osvdb.org/44254
http://www.osvdb.org/44255
http://www.osvdb.org/44256
http://www.securityfocus.com/bid/28713
http://www.securityfocus.com/bid/28716
https://exchange.xforce.ibmcloud.com/vulnerabilities/41746
https://www.exploit-db.com/exploits/5421
