Multiple SQL injection vulnerabilities in formulaires/inc-formulaire_forum.php3 in SPIP 1.8.2-e and previous versions and 1.9 Alpha 2 (5539) and previous versions allow remote malicious users to execute arbitrary SQL commands via the (1) id_forum, (2) id_article, or (3) id_breve parameters to forum.php3; (4) unspecified vectors related to "session handling"; and (5) when posting "petitions".
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
spip spip |