SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters.
Affected Software
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Kinesis_interactive_cinema_system | Kinesis | * | * |
References
- http://secunia.com/advisories/22493
- http://securityreason.com/securityalert/1757
- http://www.osvdb.org/29901
- http://www.securityfocus.com/archive/1/449227/100/0/threaded
- http://www.securityfocus.com/bid/20607
- http://www.vupen.com/english/advisories/2006/4130
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29683
- http://secunia.com/advisories/22493
- http://securityreason.com/securityalert/1757
- http://www.osvdb.org/29901
- http://www.securityfocus.com/archive/1/449227/100/0/threaded
- http://www.securityfocus.com/bid/20607
- http://www.vupen.com/english/advisories/2006/4130
- https://exchange.xforce.ibmcloud.com/vulnerabilities/29683