CVE-2008-2652 Information

Description

Multiple SQL injection vulnerabilities in catalog.php in SMEWeb 1.4b and 1.4f allow remote attackers to execute arbitrary SQL commands via the (1) idp and (2) category parameters.

Reference

http://secunia.com/advisories/30477 http://www.securityfocus.com/archive/1/493130/100/0/threaded http://www.securityfocus.com/bid/29496 https://exchange.xforce.ibmcloud.com/vulnerabilities/42811 https://www.exploit-db.com/exploits/5725