|
Description
|
|
Multiple vulnerabilities have been identified in iPrimal Forums, which could be exploited by remote attackers to compromise a vulnerable server.
The first issue is due to input validation errors in the "chk_admin.php" script that does not validate the "username" and "password" cookie parameters, which could be exploited by malicious people to conduct SQL injection attacks and gain unauthorized access to the administrative section.
The second vulnerability is due to input validation errors in the "index.php" and "admin/index.php" scripts that do not validate the "p" parameter, which could be exploited by remote attackers to include malicious scripts and execute arbitrary commands with the privileges of the web server.
|
