CVE-2011-5140

Published: Aug 31, 2012

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple SQL injection vulnerabilities in the blog module 1.0 for DiY-CMS allow remote attackers to execute arbitrary SQL commands via the (1) start parameter to (a) tags.php, (b) list.php, (c) index.php, (d) main_index.php, (e) viewpost.php, (f) archive.php, (g) control/approve_comments.php, (h) control/approve_posts.php, and (i) control/viewcat.php; and the (2) month and (3) year parameters to archive.php.

Vendor: n/a

Product: n/a

Versions: n/a (status: affected)

References

78081 (vdb-entry, x_refsource_OSVDB)
47337 (third-party-advisory, x_refsource_SECUNIA)
78083 (vdb-entry, x_refsource_OSVDB)
78071 (vdb-entry, x_refsource_OSVDB)
18288 (exploit, x_refsource_EXPLOIT-DB)
78080 (vdb-entry, x_refsource_OSVDB)
diycms-mod-sql-injection(72022) (vdb-entry, x_refsource_XF)
78082 (vdb-entry, x_refsource_OSVDB)
