CVE-2013-6839

SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id].

Date published : 2013-12-13

http://www.securityfocus.com/bid/63842

http://archives.neohapsis.com/archives/bugtraq/2013-12/0049.html