SQL Injection Vulnerability in Saphp Lesson: Remote Code Execution via forumid Parameter

CVE-2005-3363 · HIGH Severity

AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.
