Multiple SQL injection vulnerabilities in KerviNet Forum...
High severity
Unreviewed
Published
May 2, 2022
to the GitHub Advisory Database
•
Updated Jan 31, 2023
Description
Published by the National Vulnerability Database
Jul 5, 2009
Published to the GitHub Advisory Database
May 2, 2022
Last updated
Jan 31, 2023
Multiple SQL injection vulnerabilities in KerviNet Forum 1.1 and earlier allow remote attackers to execute arbitrary SQL commands via (1) an enter_parol cookie to index.php in an auto action or (2) the topic parameter to message.php. NOTE: vector 2 can be leveraged for a cross-site scripting (XSS) attack.
References