|
Description
|
|
A vulnerability has been identified in Mafia Moblog, which may be exploited by attackers to execute arbitrary SQL commands. This flaw is due to an input validation error in the "templates/match plus/big.php" script that does not validate the "img" parameter before being used in SQL statements, which could be exploited by malicious people to conduct SQL injection attacks.
Note : An error in the "big.php" and "upgrade.php" scripts when handling invalid or empty variables could be exploited by attackers to determine the installation path.
|
