SQL Injection in Autosectools V-cms

CVE-2011-4826

SQL injection vulnerability in session.php in AutoSec Tools V-CMS 1.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to process.php. NOTE: some of these details are obtained from third party information.

Vulnerability class: SQL Injection

EPSS: 0.004 (60.6th percentile) — read the EPSS interpretation.

Affected products

Autosectools V-cms — versions 1.0
N/a — versions n/a

Weakness classification (CWE)

CWE-89 — SQL Injection

References

50706 (Exploit, vdb-entry, x_refsource_BID)
cve@mitre.org (Exploit, x_refsource_MISC, Vendor Advisory)
46861 (x_refsource_SECUNIA, third-party-advisory, Vendor Advisory)