CVE-2013-5117 Information

Description

SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.

Reference

http://osvdb.org/96306 http://seclists.org/fulldisclosure/2013/Sep/9 http://www.exploit-db.com/exploits/27602 http://www.securityfocus.com/bid/61788 http://www.zldnn.com/ViewArticle/Solution-for-DNNArticle-RSS-Security-Issue.aspx