CVE-2014-3446 Information

Description

SQL injection vulnerability in wcm/system/pages/admin/getnode.aspx in BSS Continuity CMS 4.2.22640.0 allows remote attackers to execute arbitrary SQL commands via the nodeid parameter.

Reference

http://seclists.org/fulldisclosure/2014/May/87 http://www.securityfocus.com/bid/70861 https://exchange.xforce.ibmcloud.com/vulnerabilities/93280 https://www.portcullis-security.com/security-research-and-downloads/security-advisories/cve-2014-3446