MidnightBSD

Advisories for 4site

CVE-2010-4152 HIGH

SQL injection vulnerability in catalog/index.shtml in 4site CMS 2.6, and possibly earlier, allows remote attackers to execute arbitrary SQL commands via the cat parameter. NOTE: the i and th vectors are already covered by CVE-2009-0646.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
4site 4site_cms 2.0
4site 4site_cms 2.2
4site 4site_cms *