|
Description
|
|
A vulnerability has been identified in SZUserMgnt, which may be exploited by remote attackers to execute arbitrary SQL commands. This flaw is due to an input validation error in the "sys/SZUserMgnt.class.php" script that does not properly validate the "username" parameter, which may be exploited by malicious people to conduct SQL injection attacks and gain unauthorized access to the application by supplying a specially crafted username to the "login.php" script.
|
