Note: the vendor has disputed this issue. Multiple SQL injection vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to execute arbitrary SQL commands via the (1) s or (2) m parameter to forums.php, (3) o, (4) w, (5) s, or (6) p parameter to list.php, (7) m parameter to journal.php, (8) x or (9) n parameter to forums.php, or (10) w parameter to links.php. NOTE: this issue has been disputed by the vendor, who says None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Land_down_under | Neocrome | 800 (including) | 800 (including) |