|
Description
|
|
A vulnerability was identified in Digital Scribe, which could be exploited by attackers to execute arbitrary commands or conduct SQL injection attacks. This issue is due to an input validation error in the "login.php" script that does not properly filter a specially crafted "username" variable, which may be exploited by remote attackers to conduct SQL injection, gain unauthorized administrative access to the application, and execute arbitrary commands via the the template editing feature.
|
