SQL injection vulnerability in main_content.asp in Acidcat 2.1.13 and earlier allows remote attackers to execute arbitrary SQL commands via the ID parameter to default.asp.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Acidcat | Acidcat | 2.1.11 (including) | 2.1.11 (including) |
| Acidcat | Acidcat | 2.1.12 (including) | 2.1.12 (including) |
| Acidcat | Acidcat | 2.1.13 (including) | 2.1.13 (including) |
References
- http://hamid.ir/security/acidcat.txt
- http://secunia.com/advisories/18097
- http://www.osvdb.org/21845
- http://www.securityfocus.com/archive/1/419905/100/0/threaded
- http://www.securityfocus.com/bid/15933
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23870
- http://hamid.ir/security/acidcat.txt
- http://secunia.com/advisories/18097
- http://www.osvdb.org/21845
- http://www.securityfocus.com/archive/1/419905/100/0/threaded
- http://www.securityfocus.com/bid/15933
- https://exchange.xforce.ibmcloud.com/vulnerabilities/23870