Multiple SQL injection vulnerabilities in Club-Nuke [XP] 2.0 LCID 2048 allow remote attackers to execute arbitrary SQL commands via the (1) haber_id parameter to haber_detay.asp, and allow remote authenticated users to execute arbitrary SQL commands via the (2) menu_id parameter to menu.asp. User Logins must be enabled by Admin to exploit this vulnerability.
Publication date: Fri, 11 Aug 2006 06:04:00 +0000