Arbitrary SQL Command Execution in ODFaq 2.1.0

Arbitrary SQL Command Execution in ODFaq 2.1.0

CVE-2005-4359 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:P/A:N

SQL injection vulnerability in includes/core.inc.php in ODFaq 2.1.0 allows remote attackers to execute arbitrary SQL commands via the (1) cat and (2) srcText parameters to faq.php.

Learn more about our Web Application Penetration Testing UK.