CVE-2010-1336 Information

Description

Multiple SQL injection vulnerabilities in INVOhost 3.4 allow remote attackers to execute arbitrary SQL commands via the (1) id and (2) newlanguage parameters to site.php (3) search parameter to manuals.php and (4) unspecified vectors to faq.php. NOTE: some of these details are obtained from third party information.

Reference

http://osvdb.org/63157 http://osvdb.org/63158 http://secunia.com/advisories/39095 http://www.exploit-db.com/exploits/11874 http://www.securityfocus.com/bid/38962 https://exchange.xforce.ibmcloud.com/vulnerabilities/57161 https://exchange.xforce.ibmcloud.com/vulnerabilities/57162