CVE-2010-3013 Information

Description

SQL injection vulnerability in groupadmin.php in Pligg before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the role parameter a different vulnerability than CVE-2010-2577.

Reference

http://pligg.svn.sourceforge.net/viewvc/pligg/trunk/groupadmin.php?r1=1532&r2=2143&pathrev=2143 http://pligg.svn.sourceforge.net/viewvc/pligg/trunk/groupadmin.php?view=log&pathrev=2143 http://secunia.com/advisories/40931 http://www.osvdb.org/67069 http://www.pligg.com/blog/991/pligg-cms-1-1-1-release/ http://www.securityfocus.com/bid/42408