CVE-2008-4364 Information

Description

SQL injection vulnerability in default.aspx in ParsaGostar ParsaWeb CMS allows remote attackers to execute arbitrary SQL commands via the (1) id parameter in the \page\ page and (2) txtSearch parameter in the \Search\ page.

Reference

http://securityreason.com/securityalert/4343 http://www.bugreport.ir/index_53.htm http://www.securityfocus.com/archive/1/496799/100/0/threaded http://www.securityfocus.com/bid/31450 https://exchange.xforce.ibmcloud.com/vulnerabilities/45494 https://www.exploit-db.com/exploits/6610