https://www.exploit-db.com/exploits/21517
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200210-035

VoxelDotNetCBMS0.7及其更早版本存在漏洞。远程攻击者可以像其他用户进行未认证操作，如借助dltclnt.php删除客户，该漏洞可能还会触发SQL注入攻击。

source: http://www.securityfocus.com/bid/4957/info

It has been reported that multiple vulnerabilities exist in CBMS. Reportedly, it is possible to inject both JavaScript and SQL code into the system. It may be possible to execute script code within the context of the site as an authenticated administrator, or to view or modify sensitive database information through the subversion of an SQL query.

These issues have been reported in version 0.7 of CBMS. Other versions may share these vulnerabilities, this has not however been confirmed.

dltclnt.php?choice=yes&idnum=clientid

来源:BID
名称:4957
链接:http://www.securityfocus.com/bid/4957
来源:XF
名称:cbms-php-sql-injection(9295)
链接:http://www.iss.net/security_center/static/9295.php
来源:BUGTRAQ
名称:20020606CBMS:XSSandSQLInjectionholes
链接:http://archives.neohapsis.com/archives/bugtraq/2002-06/0043.html