Multiple SQL injection vulnerabilities in iScripts EasySnaps 2.0 allow remote attackers to execute arbitrary SQL commands via the (1) comment parameter to add_comments.php, (2) values parameter to tags_details.php, or (3) begin parameter to greetings.php.
References
Configurations
Information
Published : 2010-07-02 13:30
Updated : 2018-10-10 12:59
NVD link : CVE-2010-2624
Mitre link : CVE-2010-2624
JSON object : View
CWE
CWE-89
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection')
Products Affected
iscripts
- easysnaps