Описание
Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php.
Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php.
Ссылки
- https://nvd.nist.gov/vuln/detail/CVE-2015-1434
- https://exchange.xforce.ibmcloud.com/vulnerabilities/100855
- https://www.htbridge.com/advisory/HTB23248
- http://mylittleforum.net/forum/index.php?id=8182
- http://packetstormsecurity.com/files/130356/My-Little-Forum-2.3.3-Cross-Site-Scripting-SQL-Injection.html
- http://www.securityfocus.com/archive/1/534681/100/0/threaded
- http://www.securityfocus.com/bid/72575
Связанные уязвимости
nvd
почти 11 лет назад
Multiple SQL injection vulnerabilities in my little forum before 2.3.4 allow remote administrators to execute arbitrary SQL commands via the (1) letter parameter in a user action or (2) edit_category parameter to index.php.