Description
SQL injection vulnerability in the News module in Envolution allows remote attackers to execute arbitrary SQL commands via the (1) startrow and (2) catid parameter.
Exploits (1)
References (5)
Core 5
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/21752
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2005/2927
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/18069
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/15857
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://securitytracker.com/id?1015351
Scores
EPSS
0.0071
EPSS Percentile
72.3%
Details
CWE
CWE-89
Status
published
Products (1)
envolution/envolution
Published
Dec 15, 2005
Tracked Since
Feb 18, 2026