CVE-2008-4711 Information

Description

SQL injection vulnerability in Joovili 3.0 and earlier when magic_quotes_gpc is disabled allows remote attackers to execute arbitrary SQL commands via the id parameter to (1) view.blog.php (2) view.event.php (3) view.group.php (4) view.music.php (5) view.picture.php and (6) view.video.php.

Reference

http://securityreason.com/securityalert/4486 http://www.securityfocus.com/bid/31444 https://exchange.xforce.ibmcloud.com/vulnerabilities/45486 https://www.exploit-db.com/exploits/6595