Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote malicious users to execute arbitrary SQL commands via the (1) find, (2) lib, or (3) sid parameter.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
exlibrisgroup aleph 500 18.1 |
||
exlibrisgroup aleph 500 20.0 |