Description
muuratsalo has discovered multiple vulnerabilities in LabStoRe, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed to the "where_clause" parameter in stocks/interface_creator/index.php, stocks/interface_creator/index_long.php, and stocks/interface_creator/index_short.php (when "function" is set to "search" and "table_name" is set to an accessible dadabik table name) is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerabilities are confirmed in version 1.5.4. Other versions may also be affected.
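For triage on an installation running an affected version, the following added example (not part of the advisory or of LabStoRe) scans web server access logs for requests that reach the three named scripts with "function" set to "search" and a client-supplied "where_clause". It assumes combined-format logs with the parameters visible in the query string; the `/labstore/` path prefix, the sample lines and the token heuristic are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Scripts named in the advisory.
AFFECTED = (
    "stocks/interface_creator/index.php",
    "stocks/interface_creator/index_long.php",
    "stocks/interface_creator/index_short.php",
)
# Heuristic tokens (an assumption of this example, not taken from the advisory).
SUSPICIOUS = re.compile(
    r"\b(union|select|sleep|benchmark|information_schema)\b|--|/\*|;|#", re.I)
# Combined log format: client IP first, request line in double quotes.
LINE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def find_where_clause_requests(lines):
    """Return (client, script, where_clause, suspicious) per matching request."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        client, target = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(AFFECTED):
            continue
        params = parse_qs(url.query, keep_blank_values=True)
        if params.get("function", [""])[-1] != "search":
            continue
        # Any client-supplied where_clause is worth review; flag the riskier ones.
        for clause in params.get("where_clause", []):
            hits.append((client, url.path, clause, bool(SUSPICIOUS.search(clause))))
    return hits

# Constructed sample log lines (not real traffic).
SAMPLE = [
    '192.0.2.10 - - [01/Jan/2012:10:00:00 +0000] "GET /labstore/stocks/interface_creator/index.php?function=search&table_name=t1&where_clause=name+LIKE+%27%25buffer%25%27 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2012:10:00:05 +0000] "GET /labstore/stocks/interface_creator/index_short.php?function=search&table_name=t1&where_clause=id%3D1+UNION+SELECT+1 HTTP/1.1" 200 734',
    '192.0.2.10 - - [01/Jan/2012:10:00:09 +0000] "GET /labstore/stocks/interface_creator/index_long.php?function=edit&table_name=t1 HTTP/1.1" 200 100',
    '203.0.113.5 - - [01/Jan/2012:10:00:12 +0000] "GET /labstore/index.php?function=search&where_clause=x HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for client, script, clause, flagged in find_where_clause_requests(SAMPLE):
        print(("REVIEW " if flagged else "info   ") + f"{client} {script} {clause!r}")
```

Parameters sent in a POST body do not appear in access logs, so an empty result does not rule out requests to these scripts.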