Vulnerability category: CGI
Vulnerability level:
Vulnerability information
phpCollab is an open source internet-enabled system for use in projects that require collaboration over the internet.
A SQL injection vulnerability has been identified in the 'id' parameter of the './phpcollab/users/' module.
Affected Version:
phpCollab - Content Management System version 2.5, older versions may be affected
Vulnerability impact
A remote attacker could exploit this vulnerability to compromise the database.
Solution
Customers are advised to contact the Vendor to fix this vulnerability. Workaround:
The vulnerability can be patched by using a prepared statement in the 'emailusers.php' file. Also, it is advisable to disallow special characters and escape the input and output.
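The workaround above, sketched as an added example (not phpCollab's own code and not taken from the advisory): the 'id' value is validated as a positive integer, bound through a PDO prepared statement, and the result is escaped on output. The `members` table, its columns, the sample rows and the helper names `findMemberById` and `h` are assumptions made for illustration, and an in-memory SQLite database stands in for the real one.

```php
<?php
declare(strict_types=1);

// Hypothetical schema and rows, constructed for this example only.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, email TEXT)');
$pdo->exec("INSERT INTO members VALUES (1, 'Alice', 'alice@example.test')");
$pdo->exec("INSERT INTO members VALUES (2, 'Bob', 'bob@example.test')");

/**
 * Validate the raw 'id' request value, then look the row up with a bound
 * parameter. Returns the row, or null when the id is rejected or not found.
 */
function findMemberById(PDO $pdo, string $rawId): ?array
{
    // Allow-list check: only positive integers pass; anything else is rejected
    // before it gets near the database.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null;
    }

    // The SQL text is fixed; the value travels separately as a typed parameter,
    // so it can never change the structure of the query.
    $stmt = $pdo->prepare('SELECT id, name, email FROM members WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

/** Escape a value for HTML output. */
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample inputs: one valid id and several malformed values.
foreach (['2', '2 OR 1=1', "2'", '-5', ''] as $rawId) {
    $row = findMemberById($pdo, $rawId);
    $result = $row === null
        ? 'rejected or not found'
        : h($row['name'] . ' <' . $row['email'] . '>');
    echo h(var_export($rawId, true)), ' => ', $result, PHP_EOL;
}
```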