Description
Multiple SQL injection vulnerabilities in Loki download manager 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) password field to default.asp or (2) cat parameter to catinfo.asp.
Exploits (2)
exploitdb
WORKING POC
VERIFIED
by hack_912 · textwebappsasp
https://www.exploit-db.com/exploits/25804
exploitdb
WORKING POC
VERIFIED
by hack_912 · textwebappsasp
https://www.exploit-db.com/exploits/25805
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1014147
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13900
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111826992711703&w=2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/13898
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/15633
Scores
EPSS
0.0107
EPSS Percentile
78.0%
Details
Status
published
Published
Jun 08, 2005
Tracked Since
Feb 18, 2026