SQL injection vulnerability in search_inv.php in Assetman 2.5b allows remote malicious users to execute arbitrary SQL commands and conduct session fixation attacks via a combination of crafted order and order_by parameters in a search_all action.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
assetman assetman 2.5b |