Title : Anthill "order" and "bug" Parameters Handling Remote SQL Injection Vulnerabilities VUPEN ID : VUPEN/ADV-2006-2529 CVE ID : CVE-2006-3244
Rated as : Moderate Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-06-26
Technical Description
Multiple vulnerabilities have been identified in Anthill, which may be exploited by remote attackers to execute arbitrary SQL commands. These flaws are due to input validation errors in the "buglist.php" and "query.php" scripts that do not validate the "order" and "bug" parameters before being used in SQL statements, which could be exploited by malicious people to conduct SQL injection attacks.
