SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid parameter.
References
Link | Resource |
---|---|
http://osvdb.org/96306 | |
http://seclists.org/fulldisclosure/2013/Sep/9 | |
http://www.exploit-db.com/exploits/27602 | Exploit Patch |
http://www.securityfocus.com/bid/61788 | Exploit |
http://www.zldnn.com/ViewArticle/Solution-for-DNNArticle-RSS-Security-Issue.aspx | Vendor Advisory Patch |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2014-03-12T14:00:00
Updated: 2014-03-12T13:57:00
Reserved: 2013-08-13T00:00:00
Link: CVE-2013-5117
JSON object: View
NVD Information
Status : Analyzed
Published: 2014-03-12T14:55:30.710
Modified: 2014-03-13T16:06:44.903
Link: CVE-2013-5117
JSON object: View
Redhat Information
No data.
CWE