Multiple SQL injection vulnerabilities in u5CMS prior to 3.9.4 allow remote malicious users to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5) new2.php, or (6) rename2.php in u5admin/; (7) c parameter to u5admin/editor.php; (8) typ parameter to u5admin/meta2.php; or (9) newname parameter to u5admin/rename2.php.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
yuba u5cms |