SQL injection vulnerability in Alstrasoft Article Manager Pro 1.6 allows remote malicious users to execute arbitrary SQL commands via (1) the author_id parameter in profile.php and (2) the aut_id parameter in userarticles.php. NOTE: the aut_id vector can produce resultant path disclosure if the SQL manipulation is invalid.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
alstrasoft article manager pro 1.6 |