CVE-2013-3050 Information

Description

SQL injection vulnerability in ZAPms 1.41 and earlier allows remote attackers to execute arbitrary SQL commands via the pid parameter to product.

Reference

http://osvdb.org/92236 http://packetstormsecurity.com/files/121202/ZAPms-1.41-SQL-Injection.html http://secunia.com/advisories/52946 http://www.exploit-db.com/exploits/24942 http://www.securityfocus.com/bid/58960 http://www.zapms.de/open_source_cms_en https://exchange.xforce.ibmcloud.com/vulnerabilities/83313