Description
Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields to the administration login feature.
Exploits (1)
References (5)
Core 5
Core References
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/8307
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/34289
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49509
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/49510
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34540
Scores
EPSS
0.0085
EPSS Percentile
75.0%
Details
CWE
CWE-89
Status
published
Products (1)
diskos/diskos_cms
6
Published
Apr 22, 2010
Tracked Since
Feb 18, 2026