|
Description
|
|
Multiple vulnerabilities have been discovered in GENU, which can be exploited by malicious people to conduct SQL injection attacks.
1) Input passed via the "article_id" parameter to articles/read.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
2) Input passed via the "match" parameter to comments/search.php, news/search.php, and posts/search.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerabilities are confirmed in version 2012.3. Prior versions may also be affected.
|
