CVE-2005-3646

Multiple SQL injection vulnerabilities in lib-sessions.inc.php in phpAdsNew and phpPgAds 2.0.6 and possibly earlier versions allow remote attackers to execute arbitrary SQL commands via the sessionID parameter in (1) logout.php and (2) index.php.

Date published : 2005-11-17

http://www.securityfocus.com/bid/15385/

http://marc.info/?l=bugtraq&m=113165036315035&w=2