A remote SQL injection vulnerability exists in ?IXForum 1.12. An attacker can exploit this vulnerability to gain access to the admin panel of the application. The attacker can use the ?epId?parameter in the ?eplyNew.asp?page to inject malicious SQL code and gain access to the admin panel.
A remote SQL injection vulnerability exists in ©ZIXForum 1.12. An attacker can exploit this vulnerability to gain access to the admin panel of the application. The attacker can use the ‘RepId’ parameter in the ‘ReplyNew.asp’ page to inject malicious SQL code and gain access to the admin panel.
A remote blind SQL injection vulnerability exists in Icblogger. An attacker can send a specially crafted HTTP request to the vulnerable application in order to execute arbitrary SQL commands in the back-end database. This can potentially result in the manipulation or disclosure of arbitrary data.
This exploit allows an attacker to inject malicious SQL code into the vulnerable "comments.asp" page of the LBlog application. The attacker can then use this vulnerability to gain access to the admin panel of the application.
A vulnerability in SimpleBlog 2.0 <= "comments.asp" allows an attacker to inject arbitrary SQL commands. This can be exploited to manipulate SQL queries by e.g. injecting additional statements. This can be used to bypass authentication or disclose sensitive information.