CVE-2007-4156

Name of the Vulnerable Software and Affected Versions wolioCMS (affected versions not specified)

Description The issue concerns SQL injection vulnerabilities that allow remote attackers to execute arbitrary SQL commands. This is possible via the id parameter to member.php in a page action, related to a SELECT statement in common.php, and potentially through the loginid parameter (uid variable) and the pwd parameter to admin/index.php. No information is provided about the estimated number of potentially affected devices or real-world incidents.

Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.