|
Description
|
|
Sony has reported a vulnerability in Omnistar Live, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed via the "only_dept" parameter to support85/chat_request.php is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
Note: This can further be exploited to conduct cross-site scripting attacks.
The vulnerability is reported in version 8.5. Other versions may also be affected.
|
