|
Description
|
|
Two vulnerabilities were identified in Plague News System, which could be exploited by malicious users to conduct SQL injection attacks or delete arbitrary posts.
- The first issue is due to an error in the "delete.php" file that does not properly validate permissions, which may be exploited by attackers to delete arbitrary comments, news or shoutbox posts.
- The second vulnerability is due to an input validation error in the "index.php" script when processing a specially crafted "cid" parameter, which may be exploited by remote users to conduct SQL injection or cross site scripting attacks.
|
