Required CVE Record Information
Description
Multiple SQL injection vulnerabilities in NetClassifieds Premium Edition allow remote attackers to execute arbitrary SQL commands via the s_user_id parameter to ViewCat.php and other unspecified vectors. NOTE: the CatID/ViewCat.php, CatID/gallery.php, and ItemNum/ViewItem.php vectors are already covered by CVE-2005-3978.
References 5 Total
- osvdb.org: 36330 vdb-entry
- exchange.xforce.ibmcloud.com: netclassifieds-viewcat-sql-injection(34994) vdb-entry
- securityfocus.com: 20070621 NetClassifieds [multiple vulnerabilities] mailing-list
- securityfocus.com: 24584 vdb-entry
- securityreason.com: 2824 third-party-advisory
Updated:
This container includes required additional information provided by the CVE Program for this vulnerability.
References 5 Total
- osvdb.org: 36330 vdb-entryx_transferred
- exchange.xforce.ibmcloud.com: netclassifieds-viewcat-sql-injection(34994) vdb-entryx_transferred
- securityfocus.com: 20070621 NetClassifieds [multiple vulnerabilities] mailing-listx_transferred
- securityfocus.com: 24584 vdb-entryx_transferred
- securityreason.com: 2824 third-party-advisoryx_transferred