CVE-2009-4783 Information

Description

Multiple SQL injection vulnerabilities in Theeta CMS possibly 0.01 allow remote attackers to execute arbitrary SQL commands via the start parameter to (1) forum.php and (2) thread.php in community/ and (3) blog/index.php.

Reference

http://packetstormsecurity.org/0912-exploits/theeta-sqlxss.txt http://secunia.com/advisories/37529 http://www.securityfocus.com/archive/1/508148/100/0/threaded