Multiple SQL injection vulnerabilities in DropAFew prior to 0.2.1 allow remote malicious users to execute arbitrary SQL commands via the (1) id parameter in the delete action in (a) search.php or (b) search-pda.php, or the (2) calories parameter in a save action in editlogcal.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
dropafew dropafew |