CVE-2012-5244 Information

Description

Multiple SQL injection vulnerabilities in Banana Dance B.2.6 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) return, (2) display, (3) table, or (4) search parameter to functions/suggest.php; (5) the id parameter to functions/widgets.php; (6) the category parameter to functions/print.php; or (7) the name parameter to functions/ajax.php.

Reference

http://osvdb.org/88535
http://osvdb.org/88536
http://osvdb.org/88537
http://osvdb.org/88538
http://www.exploit-db.com/exploits/23573/
https://exchange.xforce.ibmcloud.com/vulnerabilities/80746
https://www.htbridge.com/advisory/HTB23118
