CVE-2015-1400 Information

Description

SQL injection vulnerability in search.php in NPDS Revolution 13 allows remote attackers to execute arbitrary SQL commands via the query parameter.

Reference

http://packetstormsecurity.com/files/130179/NPDS-CMS-Revolution-13-SQL-Injection.html http://websecgeeks.com/npds-cms-sql-injection/ http://www.npds.org/viewtopic.php?topic=26189&forum=12 http://www.npds.org/viewtopic.php?topic=26233&forum=12