CVE-2011-5200 Information

Description

Multiple SQL injection vulnerabilities in DeDeCMS, possibly 5.6, allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) list.php, (2) members.php, or (3) book.php.

Reference

http://www.exploit-db.com/exploits/18292
http://www.osvdb.org/82506
http://www.osvdb.org/82507
http://www.osvdb.org/82508
http://www.securityfocus.com/bid/51211
https://exchange.xforce.ibmcloud.com/vulnerabilities/72034
