SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows remote attackers to modify the backend database via the (1) table and (2) field parameters in LinkClick.aspx.Referenceshttp://secunia.com/advisories/10747http://www.securityfocus.com/bid/9518http://www.osvdb.org/3750https://exchange.xforce.ibmcloud.com/vulnerabilities/14973http://archives.neohapsis.com/archives/fulldisclosure/2004-01/1161.html
