From: predej deja <m4ilinglists@gmail.com>
To: cert@cert.org, osvdb <moderators@osvdb.org>, secunia <vuln@secunia.com>, securityfocus <listadmin@securityfocus.com>
Date: Tue, 28 Mar 2006 18:23:27 +0200
Subject: [OSVDB Mods] Tilde CMS 3x - Sql Injection

Tilde CMS 3x - Sql Injection

Vendor URL: http://www.tilde.dk

Description:

Input passes to the 'id' parameter in index.php is not
correctly validated which allows attackers to run sql queries.

PoC:

http://www.nordscen.org/index.php?id=%27



Preddy
RootShell Security Group
www.rootshell-security.net