|
Description
|
|
Multiple vulnerabilities have been identified in Crea-Book, which could be exploited by remote attackers to execute arbitrary commands. These issues are caused by input validation errors in various scripts (e.g. "admin/admin.php") that do not validate the "pseudo" and "passe" parameters before being used in SQL statements, which could be exploited by malicious people to conduct SQL injection attacks and gain unauthorized access to the administrative interface where they can inject arbitrary PHP code to the "config.inc.php3" file via the "admin/configurer.php" script.
|
