Multiple SQL injection vulnerabilities in list.php in Exhibit Engine (EE) 1.22 allow remote attackers to execute arbitrary SQL commands via the (1) search_row, (2) sort_row, (3) order or (4) perpage parameter.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Exhibit_engine | Exhibit_engine | 1.22 (including) | 1.22 (including) |
| Exhibit_engine | Exhibit_engine | 1.54_rc4 (including) | 1.54_rc4 (including) |
References
- http://marc.info/?l=bugtraq\u0026m=111773894525119\u0026w=2
- http://photography-on-the.net/forum/showthread.php?p=579692
- http://secunia.com/advisories/15583
- http://www.osvdb.org/17006
- http://www.securityfocus.com/bid/13844
- http://marc.info/?l=bugtraq\u0026m=111773894525119\u0026w=2
- http://photography-on-the.net/forum/showthread.php?p=579692
- http://secunia.com/advisories/15583
- http://www.osvdb.org/17006
- http://www.securityfocus.com/bid/13844