CVE-2009-3040 Information

Description

Multiple SQL injection vulnerabilities in Open Computer and Software (OCS) Inventory NG 1.02 for Unix allow remote attackers to execute arbitrary SQL commands via the (1) N, (2) DL, (3) O, and (4) V parameters to download.php and the (5) SYSTEMID parameter to group_show.php.

Reference

http://www.leidecker.info/advisories/2009-05-30-ocs_inventory_ng_sql_injection.shtml
http://www.ocsinventory-ng.org/index.php?mact=Newscntnt01detail0&cntnt01articleid=140&cntnt01returnid=72
http://www.securityfocus.com/archive/1/503936/100/0/threaded
