|
Description
|
|
Multiple vulnerabilities have been identified in FreeWebshop, which could be exploited by remote attackers to execute SQL commands or disclose the contents of arbitrary files.
The first flaw is due to input validation errors when processing the "name", "pass", and "prod" parameters, which could be exploited by malicious people to conduct SQL injection attacks.
The second issue is due to an input validation error in the "index.php" script that does not validate the "action" parameter, which could be exploited by remote attackers to include local files with the privileges of the web server.
|
