CVE-2009-3118 Information

Description

SQL injection vulnerability in mod/poll/comment.php in the vote module in Danneo CMS 0.5.2 and earlier allows remote attackers to execute arbitrary SQL commands via the comtext parameter, in conjunction with crafted comname and comtitle parameters, in a poll action to index.php. The issue is related to incorrect input sanitization in base/danneo.function.php.

Reference

http://packetstormsecurity.org/0908-exploits/danneo052-sql.txt
http://secunia.com/advisories/36440
http://www.vupen.com/english/advisories/2009/2459
