Intrusion Prevention

PHPWebSite.Topics.PHP.SQL.Injection

Description

SQL injection vulnerability in topics.php, in Appalachian State University phpWebSite 0.10.2 and earlier, allows remote attackers to execute arbitrary SQL commands via the topic parameter.

Affected Products

phpWebsite phpWebsite 0.10.2
phpWebsite phpWebsite 0.10.1
+ Gentoo Linux
phpWebsite phpWebsite 0.10
phpWebsite phpWebsite 0.9.3 -4
phpWebsite phpWebsite 0.9.3 -3
phpWebsite phpWebsite 0.9.3 -2
phpWebsite phpWebsite 0.9.3 -1
phpWebsite phpWebsite 0.9.3
phpWebsite phpWebsite 0.8.3
phpWebsite phpWebsite 0.8.2
phpWebsite phpWebsite 0.7.3

Impact

Arbitrary SQL commands execution.

Recommended Actions

Currently we are not aware of any vendor-supplied patches for this issue.

CVE References

CVE-2006-0973