CVE-2010-4916 Information

Description

Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter.

Reference

http://packetstormsecurity.org/1009-exploits/coldusergroup-sql.txt http://secunia.com/advisories/41335 http://securityreason.com/securityalert/8448 http://www.exploit-db.com/exploits/14935 http://www.securityfocus.com/bid/43035 https://exchange.xforce.ibmcloud.com/vulnerabilities/61638