SQL injection vulnerability in Joovili 3.0 and previous versions, when magic_quotes_gpc is disabled, allows remote malicious users to execute arbitrary SQL commands via the id parameter to (1) view.blog.php, (2) view.event.php, (3) view.group.php, (4) view.music.php, (5) view.picture.php, and (6) view.video.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
joovili joovili 2.1 |
||
joovili joovili |
||
joovili joovili 3.0.6 |