|
Description
|
|
Two vulnerabilities have been identified in AlstraSoft Video Share Enterprise, which could be exploited by attackers to execute arbitrary SQL queries or disclose and manipulate certain information.
The first issue is caused by a design error in the "siteadmin/useredit.php" script that does not require authentication, which could be exploited by attackers to disclose or modify arbitrary user profiles.
The second vulnerability is caused by an input validation error in the "msg.php" script that does not validate the "id" parameter before being used in SQL statements, which could be exploited by malicious users to conduct SQL injection attacks.
|
