SQL injection vulnerability in plugins/search/search.php in Neocrome Seditio CMS 121 and earlier allows remote attackers to execute arbitrary SQL commands via the pag_sub[] parameter to plug.php. Successful exploitation requires that "magic_quotes_gpc" is disabled.
Publication date: Sat, 01 Dec 2007 12:46:00 +0000