Description
Note: the vendor has disputed this issue. Multiple SQL injection vulnerabilities in Land Down Under (LDU) 800 allow remote attackers to execute arbitrary SQL commands via the (1) s or (2) m parameter to forums.php, (3) o, (4) w, (5) s, or (6) p parameter to list.php, (7) m parameter to journal.php, (8) x or (9) n parameter to forums.php, or (10) w parameter to links.php. NOTE: this issue has been disputed by the vendor, who says "None of the tricks written there are working, the variables are properly sanitized and no LDU version is affected.
Exploits (5)
exploitdb
WRITEUP
VERIFIED
by matrix_killer · textwebappsphp
https://www.exploit-db.com/exploits/26207
References (4)
Core 4
Core References
Mailing List mailing-list
x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=112456235729717&w=2
Exploit vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1014747
Various Sources x_refsource_misc
http://www.neocrome.net
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/14618
Scores
EPSS
0.0070
EPSS Percentile
72.0%
Details
Status
published
Products (1)
neocrome/land_down_under
800
Published
Aug 23, 2005
Tracked Since
Feb 18, 2026