CVE-2010-1078 Information

Description

SQL injection vulnerability in archive.php in XlentProjects SphereCMS 1.1 alpha allows remote attackers to execute arbitrary SQL commands via encoded null bytes (\00) in the view parameter which bypasses a protection mechanism.

Reference

http://www.bugreport.ir/index_68.htm http://www.packetstormsecurity.org/1002-exploits/spherecms-sql.txt http://www.securityfocus.com/archive/1/509603/100/0/threaded http://www.securityfocus.com/bid/38309 https://exchange.xforce.ibmcloud.com/vulnerabilities/56423