CVE-2010-0614 Information

Description

SQL injection vulnerability in ajax.php in evalSMSI 2.1.03 allows remote attackers to execute arbitrary SQL commands via the query parameter in the (1) question action and possibly the (2) sub_par or (3) num_quest actions.

Reference

http://packetstormsecurity.org/1002-exploits/corelan-10-008-evalmsi.txt http://secunia.com/advisories/38478 http://www.corelan.be:8800/index.php/forum/security-advisories/corelan-10-008-evalmsi-2-1-03-multiple-vulnerabilities/ http://www.osvdb.org/62177 http://www.securityfocus.com/archive/1/509370/100/0/threaded http://www.securityfocus.com/bid/38116 https://exchange.xforce.ibmcloud.com/vulnerabilities/56152