CVE-2010-2012 Information

Description

SQL injection vulnerability in function.php in MigasCMS 1.1 when magic_quotes_gpc is disabled allows remote attackers to execute arbitrary SQL commands via the categorie parameter in a catalogo action. NOTE: some of these details are obtained from third party information.

Reference

http://osvdb.org/64732 http://packetstormsecurity.org/1005-exploits/migascms-sql.txt http://secunia.com/advisories/39878 http://www.itsecteam.com/en/vulnerabilities/vulnerability54.htm http://www.securityfocus.com/bid/40256