|
Description
|
|
Multiple vulnerabilities have been discovered in Blogs manager, which can be exploited by malicious people to conduct SQL injection attacks.
Input passed via the "SearchField" parameter to _authors_list.php, _blogs_list.php, _category_list.php, _comments_list.php, _policy_list.php, _rate_list.php, categoriesblogs_list.php, chosen_authors_list.php, chosen_blogs_list.php, chosen_comments_list.php, and help_list.php (when "a" is set to "search", "SearchFor" is set, and "SearchOption" is set to "Contains") is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
The vulnerabilities are confirmed in version 1.101. Other versions may also be affected.
|
