Multiple SQL injection vulnerabilities in Jupiter CMS 1.1.5 allow remote malicious users to execute arbitrary SQL commands via the Client-IP HTTP header and certain other HTTP headers, which set the ip variable that is used in SQL queries performed by index.php and certain other PHP scripts. NOTE: the attack vector might involve _SERVER.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
jupiter cms jupiter cms 1.1.5 |