Description
SQL injection vulnerability in index.asp in Kinesis Interactive Cinema System (KICS) CMS allows remote attackers to execute arbitrary SQL commands via the (1) txtUsername (user) or (2) txtPassword (pass) parameters.
Exploits (1)
References (7)
Core 7
Core References
Third Party Advisory third-party-advisory
x_refsource_sreason
http://securityreason.com/securityalert/1757
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/20607
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/449227/100/0/threaded
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2006/4130
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/29683
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/22493
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/29901
Scores
EPSS
0.0174
EPSS Percentile
82.7%
Details
Status
published
Products (1)
kinesis/kinesis_interactive_cinema_system
Published
Oct 23, 2006
Tracked Since
Feb 18, 2026