NuytsTech Security

CVE-2006-0774

by ·

SQL injection vulnerability in deleteSession() in DB_eSession library 1.0.2 and earlier, as used in multiple products, allows remote attackers to execute arbitrary SQL commands via the $_sess_id_set variable, which is usually derived from PHPSESSID.

Date published : 2006-02-18

http://www.securityfocus.com/bid/16598

http://www.securityfocus.com/archive/1/424819/100/0/threaded

Tags: