Multiple SQL injection vulnerabilities in the administration interface in ASKIA askiaweb allow remote attackers to execute arbitrary SQL commands via (1) the nHistoryId parameter to WebProd/pages/pgHistory.asp or (2) the OrderBy parameter to WebProd/pages/pgadmin.asp.
References
Link | Resource |
---|---|
http://www.kb.cert.org/vuls/id/406596 | US Government Resource |
http://www.kb.cert.org/vuls/id/406596 | US Government Resource |
Configurations
History
21 Nov 2024, 01:46
Type | Values Removed | Values Added |
---|---|---|
References | () http://www.kb.cert.org/vuls/id/406596 - US Government Resource |
Information
Published : 2013-03-21 21:55
Updated : 2024-11-21 01:46
NVD link : CVE-2013-0123
Mitre link : CVE-2013-0123
CVE.ORG link : CVE-2013-0123
JSON object : View
Products Affected
askia
- askiaweb
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')