Description
Multiple vulnerabilities have been identified in THoRCMS, which could be exploited by remote attackers to compromise a vulnerable server.
The first issue is due to input validation errors in the "cms_admin.php" script, which fails to properly validate certain parameters (e.g. "add_link_mid"); this could be exploited by malicious people to conduct SQL injection attacks.
The second vulnerability is due to an input validation error in the "includes/functions_cms.php" script that does not validate the "phpbb_root_path" parameter, which may be exploited by remote attackers to include local or remote scripts with the privileges of the web server.
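A defender can look for both conditions in web server access logs. The following is an added example, not code from the advisory or from THoRCMS: it flags requests that pass "phpbb_root_path" to "includes/functions_cms.php" and requests whose "add_link_mid" value is not a plain integer. It assumes a combined-format access log, that "add_link_mid" is a numeric identifier, and that "phpbb_root_path" is normally set by the application rather than by the client; the function names and log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /cms_admin.php?add_link_mid=12 HTTP/1.1" 200 512
198.51.100.8 - - [01/Jan/2024:10:00:05 +0000] "GET /cms_admin.php?add_link_mid=12%27 HTTP/1.1" 200 512
198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /includes/functions_cms.php?phpbb_root_path=http://example.invalid/ HTTP/1.1" 200 0
198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 2048
"""

# Captures the client address and the request target from one log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
INTEGER_RE = re.compile(r"[0-9]+")


def classify(target):
    """Return findings for one request target (path plus query string)."""
    parts = urlsplit(target)
    # parse_qs percent-decodes values, so encoded characters are checked too.
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    # Assumption: the application sets phpbb_root_path itself, so any
    # client-supplied value on this script is worth reviewing.
    if parts.path.endswith("/includes/functions_cms.php") and "phpbb_root_path" in params:
        findings.append("phpbb_root_path supplied by client")
    # Assumption: add_link_mid is a numeric identifier.
    if parts.path.endswith("/cms_admin.php"):
        for value in params.get("add_link_mid", []):
            if not INTEGER_RE.fullmatch(value):
                findings.append("non-numeric add_link_mid")
    return findings


def scan(log_text):
    """Return (client_ip, finding) pairs for every flagged log line."""
    hits = []
    for line in log_text.splitlines():
        match = REQUEST_RE.match(line)
        if not match:
            continue
        for finding in classify(match.group(2)):
            hits.append((match.group(1), finding))
    return hits


if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG):
        print(ip, finding)
```

Access logs record only the query string, so parameters sent in a POST body or cookie are not covered by this check.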