|
Description
|
|
Multiple vulnerabilities have been reported in MYRE Vacation Rental Software, which can be exploited by malicious people to conduct cross-site scripting and SQL injection attacks.
1) Input passed via the "link_idd" parameter to 1_mobile/alert_members.php (when "action" is set to "login") is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user's browser session in context of an affected site.
2) Input passed via the "garage1" and "bathrooms1" parameters to 1_mobile/search.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
|
