|
Description
|
|
A vulnerability has been identified in PHPStatus, which may be exploited by remote attackers to execute arbitrary SQL commands. This flaw is due to an input validation error in the "check.php" script that does not properly validate the "username" parameter before being used in SQL statements, which may be exploited by malicious people to conduct SQL injection attacks to bypass the authentication procedure and gain unauthorized access to the application.
Note : Some other unspecified SQL injection and cross site scripting vulnerabilities have also been identified in the administrative interface.
|
