CVE-2011-1055 Information

Description

SQL injection vulnerability in api/ice_media.cfc in Lingxia I.C.E CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the session.user_id parameter to media.cfm.

Reference

http://secunia.com/advisories/43327 http://www.exploit-db.com/exploits/16171 http://www.securityfocus.com/bid/46373 [http://www.stratsec.net/Research/Advisories/Lingxia-273-I-C-E-CMS-Blind-SQL-Injection-(SS-2011](http://www.stratsec.net/Research/Advisories/Lingxia-273-I-C-E-CMS-Blind-SQL-Injection-(SS-2011) https://exchange.xforce.ibmcloud.com/vulnerabilities/65462 https://exchange.xforce.ibmcloud.com/vulnerabilities/65477