Multiple SQL injection vulnerabilities in (1) acid_qry_main.php in Analysis Console for Intrusion Databases (ACID) 0.9.6b20 and (2) base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.2, and unspecified other console scripts in these products, allow remote malicious users to execute arbitrary SQL commands via the sig[1] parameter and possibly other parameters.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
acid analysis console for intrusion databases 0.9.6b20 |
||
secureideas basic analysis and security engine 1.2 |