Arbitrary SQL Command Execution in Hulihan BXR 0.6.8 via order_by Parameter

CVE-2010-4963 · HIGH Severity

CVSS v2 vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

SQL injection vulnerability in folder/list in Hulihan BXR 0.6.8 allows remote attackers to execute arbitrary SQL commands via the order_by parameter.