CVE-2012-5292 Information

Description

Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php (2) pageE.php or (3) pageH.php.

Reference

http://packetstormsecurity.org/files/view/108438/atar2bcms-sql.txt http://www.securityfocus.com/bid/51317 https://exchange.xforce.ibmcloud.com/vulnerabilities/72234