SQL injection vulnerability in lista_anexos.php in WebChamado 1.1 allows remote malicious users to execute arbitrary SQL commands via the tsk_id parameter.
webchamado webchamado 1.1