|
Description
|
|
Multiple vulnerabilities have been identified in Addalink, which could be exploited by attackers to manipulate or disclose certain data.
The first issue is caused by an input validation error in the "user_read_links.php" script when processing the "category_id" parameter, which could be exploited by malicious people to conduct SQL injection attacks and gain knowledge of sensitive information.
The second issue is caused due to the administrative section not requiring authentication, which could be exploited by attackers to manipulate data (e.g. delete links or reset counters).
A design error in "add_link.php" could be exploited to add approved websites.
|
