cpe:/a:php-fusion:the_kroax_module:4.42 CVE-2008-5196 2008-11-21T12:30:00.547-05:00 2017-09-28T21:32:30.570-04:00 7.5 NETWORK LOW NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2008-11-24T09:26:00.000-05:00 ALLOWS_OTHER_ACCESS BID 29976 SREASON 4639 EXPLOIT-DB 5942 XF kroax-kroax-sql-injection(43462) SQL injection vulnerability in kroax.php in the Kroax (the_kroax) 4.42 and earlier module for PHP-Fusion allows remote attackers to execute arbitrary SQL commands via the category parameter.