CVE-2004-2669 - Voluted Forks

Description

Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 allow remote attackers to execute arbitrary SQL commands or obtain the installation path via parameters including (1) s w and d in users.php (2) id in comments.php (3) rusername in auth.php or (4) h in plug.php.

Reference

http://www.neocrome.net/page.php?id=1573 http://www.ptsecurity.ru/advisory.asp http://www.neocrome.net/index.php?m=single&id=91 http://www.securityfocus.com/bid/11569 http://www.osvdb.org/11299 http://www.osvdb.org/11300 http://www.osvdb.org/11301 http://www.osvdb.org/11302 http://securitytracker.com/id?1012015 http://secunia.com/advisories/13034 https://exchange.xforce.ibmcloud.com/vulnerabilities/17912