|
Description
|
|
A vulnerability has been identified in NetOffice, which may be exploited by remote attackers to execute arbitrary SQL commands. This flaw is due to an input validation error in the "general/sendpassword.php" script that does not validate the "loginForm" parameter before being used in SQL statements, which could be exploited by malicious people to conduct SQL injection attacks and gain knowledge of the administrator's password hash. This can further be exploited to execute arbitrary commands by injecting malicious PHP code into the "settings.php" script via the "Ftp server" field.
|
