CVE-2008-1895 Information

Description

Multiple SQL injection vulnerabilities in Carbon Communities 2.4 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) ID parameter to events.asp the (2) UserName parameter to getpassword.asp and possibly an unspecified parameter to (3) option_Update.asp in an edit action.

Reference

http://bugreport.ir/index.php?/35 http://bugreport.ir/index.php?/35/exploit http://secunia.com/advisories/29827 http://www.securityfocus.com/archive/1/490923/100/0/threaded http://www.securityfocus.com/bid/28806 https://exchange.xforce.ibmcloud.com/vulnerabilities/41845 https://www.exploit-db.com/exploits/5456