Ovidentia 7.9.4 Multiple Remote Vulnerabilities

Input passed via several parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and HTML/script code in a user’s browser session in context of an affected site.

ovidentia-sqli2

Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2013-5154.php

Comment are closed.