SQL injection vulnerability in profile_view.php in Devana 1.6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-89,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| devana | devana | 1.4.3 |
| devana | devana | * |
| devana | devana | 1.3.3 |
| devana | devana | 1.2.4 |
| devana | devana | 1.1.1 |
| devana | devana | 1.5.3 |
| devana | devana | 1.0 |