SQL Injection Vulnerability in Saphp Lesson: Remote Code Execution via forumid Parameter
CVE-2005-3363 · HIGH Severity
AV:N/AC:L/AU:N/C:P/I:P/A:P
SQL injection vulnerability in Saphp Lesson, possibly saphp Lesson1.1 and saphpLesson2.0, allows remote attackers to execute arbitrary SQL commands via the forumid parameter in (1) showcat.php and (2) add.php.
Learn more about our Web Application Penetration Testing UK.