Description
Two vulnerabilities were identified in XMB Forum, which could be exploited by malicious users to conduct SQL injection attacks or overwrite server-set variables.
The first issue is due to an input validation error in the "xmb.php" script when extracting variables, which may be exploited by attackers to overwrite server-set variables via a specially crafted form (i.e. "_SERVER[REMOTE_ADDR]").
The second flaw is due to an input validation error in the "include/u2u.inc.php" script when processing a specially crafted "in" variable via the "u2u_select" parameter, which may be exploited by remote users to conduct SQL injection attacks.
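As an added example (not XMB's code and not part of the advisory), the PHP below shows the input validation that both flaws call for: importing only expected scalar form fields so that a field named `_SERVER` can never redefine server-set values, and accepting only numeric ids for an SQL `IN (...)` list. The function names, the allow-list and the assumption that the selected values are numeric ids are hypothetical.

```php
<?php
// Added example, not XMB code. All names here are hypothetical.

// Variable names that request input must never be allowed to define.
const RESERVED_NAMES = ['GLOBALS', '_SERVER', '_GET', '_POST', '_COOKIE',
                        '_FILES', '_ENV', '_REQUEST', '_SESSION', 'this'];

// Copy only expected scalar fields into a fresh array instead of creating
// variables from the request. Returns [accepted fields, rejected keys].
function import_request(array $input, array $allowed): array
{
    $accepted = [];
    $rejected = [];
    foreach ($input as $key => $value) {
        $key = (string) $key;
        $ok = !in_array($key, RESERVED_NAMES, true)
            && in_array($key, $allowed, true)
            && is_scalar($value);   // array values such as _SERVER[REMOTE_ADDR] fail here too
        if ($ok) {
            $accepted[$key] = (string) $value;
        } else {
            $rejected[] = $key;
        }
    }
    return [$accepted, $rejected];
}

// Build the body of an SQL IN (...) list from untrusted values.
// Assumption: the values are numeric ids. Returns null when the list is
// empty or any element is not a plain decimal number, so the caller can
// refuse the request instead of running a query.
function int_in_list(array $values): ?string
{
    $ids = [];
    foreach ($values as $v) {
        if (!is_string($v) || preg_match('/^[0-9]{1,9}$/D', $v) !== 1) {
            return null;
        }
        $ids[] = (int) $v;
    }
    return $ids ? implode(',', array_unique($ids)) : null;
}

// Constructed sample input: a normal field plus a field named _SERVER.
$post = ['username' => 'alice', '_SERVER' => ['REMOTE_ADDR' => '203.0.113.9']];
[$fields, $rejected] = import_request($post, ['username']);
var_dump($fields, $rejected);

// Constructed selections: one clean list, one with a non-numeric element.
var_dump(int_in_list(['12', '15', '12']), int_in_list(['12', '15x']));
```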