MOABI : Continuous Software Improvement

CVE-2009-4798
Description	Multiple SQL injection vulnerabilities in Diskos CMS 6.x allow remote attackers to execute arbitrary SQL commands via the (1) kat parameter to side.asp, and the (2) brugerid and (3) password fields to the administration login feature.
Impact	CVSS v2 : 7.5 HIGH
Type	CWE-89
Attack Vector	CVSSv2 Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P
Quick links	CVE, NVD, CERT, Metasploit, Exploit-db, Fulldisc, Bugtraq, Microsoft, Red Hat, Debian, GitHub code/issues, Google
References	http://secunia.com/advisories/34540 http://www.exploit-db.com/exploits/8307 http://www.securityfocus.com/bid/34289 https://exchange.xforce.ibmcloud.com/vulnerabilities/49509 https://exchange.xforce.ibmcloud.com/vulnerabilities/49510