Sql injection

2011-10-0810:55:00

PRIOn knowledge base

www.prio-n.com

9.2 High

AI Score

Confidence

Low

0.004 Low

EPSS

Percentile

73.7%

JSON

Multiple SQL injection vulnerabilities in index.cfm in ColdGen ColdUserGroup 1.06 allow remote attackers to execute arbitrary SQL commands via the (1) ArticleID or (2) LibraryID parameter.

CPENameOperatorVersion
coldusergroupeq1.06

CPE	Name	Operator	Version
	coldusergroup	eq	1.06

References

packetstormsecurity.org/1009-exploits/coldusergroup-sql.txt

secunia.com/advisories/41335

securityreason.com/securityalert/8448

www.securityfocus.com/bid/43035

exchange.xforce.ibmcloud.com/vulnerabilities/61638

www.exploit-db.com/exploits/14935