|
Description
|
|
Multiple vulnerabilities have been identified in Loudblog, which could be exploited by remote attackers to execute SQL commands or disclose the contents of arbitrary files.
The first flaw is due to an input validation error in the "podcast.php" script that does not properly validate the "id" variable before being used in SQL statements, which could be exploited by malicious people to conduct SQL injection attacks.
The second issue is due to an input validation error in the "index.php" script that does not properly validate the "template" parameter, which could be exploited by remote attackers to access and read the contents of arbitrary files on a vulnerable system.
The third vulnerability is due to errors in the "inc/backend_settings.php" and "index.php" scripts that do not properly validate the "language" and "page" parameters, which could be exploited by attackers to include local files with the privileges of the web server.
|
