Description
A vulnerability has been discovered in osCMax, which can be exploited by malicious users to conduct SQL injection attacks.
Input appended to the URL path after a script name (e.g. admin/index.php/) is not properly sanitised in admin/includes/functions/general.php before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Successful exploitation of this vulnerability requires access to the admin section.
The vulnerability is confirmed in version 2.5.1. Other versions may also be affected.
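
A defender-side check for the request shape described above, added here as an example (it is not from the advisory or from osCMax): it scans access-log lines for requests that append extra path segments to a script under admin/ and that contain SQL metacharacters once percent-decoding is undone. The log format, the sample lines and the metacharacter heuristic are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in common log format (not from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - admin [01/Jan/2024:10:01:02 +0000] "GET /admin/index.php HTTP/1.1" 200 5120',
    '192.0.2.10 - admin [01/Jan/2024:10:01:09 +0000] "GET /admin/orders.php?page=2 HTTP/1.1" 200 7301',
    '192.0.2.10 - admin [01/Jan/2024:10:01:15 +0000] "GET /admin/index.php/extra HTTP/1.1" 200 5120',
    '192.0.2.44 - admin [01/Jan/2024:10:02:31 +0000] "GET /admin/index.php/x%27 HTTP/1.1" 200 5120',
    '192.0.2.44 - admin [01/Jan/2024:10:02:40 +0000] "GET /admin/index.php/%2527%2520-- HTTP/1.1" 200 5120',
    '192.0.2.77 - - [01/Jan/2024:10:03:00 +0000] "GET /catalog/index.php/x%27 HTTP/1.1" 200 900',
]

# Client address and request target from one log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# A script under an admin/ directory followed by extra path segments.
ADMIN_PATH_INFO = re.compile(r'^(.*/admin/[^/?]+\.php)(/[^?]+)')
# Characters and tokens that have no place in a path segment (assumed heuristic).
SQL_META = re.compile(r"['\"`;\\]|--|/\*|\b(?:union|select|sleep)\b", re.I)


def fully_decode(value, rounds=3):
    """Undo nested percent-encoding so that %2527 is seen as a quote."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def flag_admin_path_info(lines):
    """Return (client, script, decoded_path_info) for each suspicious request."""
    hits = []
    for line in lines:
        req = REQUEST.match(line)
        if not req:
            continue
        client, target = req.groups()
        m = ADMIN_PATH_INFO.match(target)
        if not m:
            continue  # no trailing path after an admin script
        script, path_info = m.groups()
        decoded = fully_decode(path_info)
        if SQL_META.search(decoded):
            hits.append((client, script, decoded))
    return hits
```

Because exploitation requires access to the admin section, any hit is worth correlating with the authenticated account that made the request.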