Description
Multiple vulnerabilities have been identified in LineWeb, which could be exploited by remote attackers to execute arbitrary SQL queries or disclose sensitive information.
The first issue is caused by input validation errors in the "index.php" and "admin/index.php" scripts when processing the "op" parameter, which could be exploited by malicious users to include local files with the privileges of the web server.
The second vulnerability is caused by input validation errors in the "admin/edit_news.php", "admin/edit_downloads.php" and "admin/edit_ads.php" scripts when processing the "newsid", "id" and "ad_id" parameters, which could be exploited by malicious people to conduct SQL injection attacks.
Note: Various scripts within the administrative interface can be accessed without authentication, which could allow attackers to modify certain data.
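For defenders reviewing web-server logs, the following Python function (an added example, not part of the original advisory or of LineWeb) flags requests that match the two issues above, using the script and parameter names from the advisory. It assumes legitimate "op" values are simple names and the ID parameters are decimal integers; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script paths and parameter names as listed in the advisory.
OP_SCRIPTS = ("/index.php", "/admin/index.php")
ID_PARAMS = {
    "/admin/edit_news.php": "newsid",
    "/admin/edit_downloads.php": "id",
    "/admin/edit_ads.php": "ad_id",
}
# Assumptions: a benign "op" is a plain name, a benign ID is a decimal integer.
SAFE_OP = re.compile(r"[A-Za-z0-9_-]+")
SAFE_ID = re.compile(r"\d+")
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample lines in common log format (not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?op=news HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /admin/index.php?op=..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1843',
    '192.0.2.44 - - [01/Jan/2024:10:00:09 +0000] "GET /admin/edit_news.php?newsid=1%27 HTTP/1.1" 200 311',
    '192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /admin/edit_ads.php?ad_id=7 HTTP/1.1" 200 2048',
]

def classify(log_line):
    """Return (issue, parameter, decoded value) findings for one log line."""
    match = REQUEST.search(log_line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    params = parse_qs(url.query)  # percent-decodes values before checking
    findings = []
    # endswith() tolerates installs under a sub-directory such as /site/index.php
    if url.path.endswith(OP_SCRIPTS):
        for value in params.get("op", []):
            if not SAFE_OP.fullmatch(value):
                findings.append(("file-inclusion", "op", value))
    for script, name in ID_PARAMS.items():
        if url.path.endswith(script):
            for value in params.get(name, []):
                if not SAFE_ID.fullmatch(value):
                    findings.append(("sql-injection", name, value))
    return findings

if __name__ == "__main__":
    for line in SAMPLE_LOG:
        for finding in classify(line):
            print(finding, "<-", line)
```

Only query-string parameters appear in access logs, so values sent in a POST body need request-body logging or a WAF rule to be covered by the same checks.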