|
Description
|
|
Multiple vulnerabilities have been identified in aflog, which could be exploited by remote attackers to execute arbitrary SQL queries or scripting code.
The first issue is caused by an input validation error in the "comments.php" script that does not validate the "id" parameter, which could be exploited by malicious people to conduct SQL injection attacks.
The second vulnerability is caused by input validation errors in the "comments.php" script that does not validate user-supplied comments before being displayed, which could be exploited by malicious people to conduct cross site scripting attacks.
|
