Multiple SQL injection vulnerabilities in PicoPublisher 2.0 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) page.php or (2) single.php.

References

• https://nvd.nist.gov/vuln/detail/CVE-2012-5912
• https://exchange.xforce.ibmcloud.com/vulnerabilities/74402
• http://osvdb.org/80667
• http://osvdb.org/80668
• http://packetstormsecurity.org/files/111274/PicoPublisher-2.0-SQL-Injection.html
• http://www.exploit-db.com/exploits/18670
• http://www.securityfocus.com/bid/52808