Multiple SQL injection vulnerabilities in the file browser component (we_fs.php) in webEdition CMS prior to 6.2.7-s1.2 and 6.3.x up to and including 6.3.8 before -s1 allow remote malicious users to execute arbitrary SQL commands via the (1) table or (2) order parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
webedition webedition cms 6.3.8.0 |
||
webedition webedition cms 6.3.3.0 |
||
webedition webedition cms 6.2.7.0 |