MidnightBSD

Advisories for tirzen

CVE-2010-1583 HIGH

SQL injection vulnerability in the loadByKey function in the TznDbConnection class in tzn_mysql.php in Tirzen (aka TZN) Framework 1.5, as used in TaskFreak! before 0.6.3, allows remote attackers to execute arbitrary SQL commands via the username field in a login action.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-89,

Products Affected

Vendor Product Version
taskfreak taskfreak! 0.5.4
taskfreak taskfreak! 0.1.4
taskfreak taskfreak! 0.1.2
taskfreak taskfreak! 0.4.0
taskfreak taskfreak! 0.4.1
taskfreak taskfreak! 0.5.0
taskfreak taskfreak! 0.4.2
taskfreak taskfreak! 0.5.6
taskfreak taskfreak! 0.5.3
taskfreak taskfreak! 0.6.1
tirzen tirzen_framework 1.5
taskfreak taskfreak! *
taskfreak taskfreak! 0.5.5
taskfreak taskfreak! 0.1
taskfreak taskfreak! 0.5.7
taskfreak taskfreak! 0.5.2
taskfreak taskfreak! 0.1.3
taskfreak taskfreak! 0.6.0
taskfreak taskfreak! 0.5.1